Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gtkwave-3.3.104/wave_locale.h
Examining data/gtkwave-3.3.104/examples/transaction.c
Examining data/gtkwave-3.3.104/src/lxt.c
Examining data/gtkwave-3.3.104/src/rgb.c
Examining data/gtkwave-3.3.104/src/symbol.h
Examining data/gtkwave-3.3.104/src/lxt.h
Examining data/gtkwave-3.3.104/src/vcd.c
Examining data/gtkwave-3.3.104/src/vcd.h
Examining data/gtkwave-3.3.104/src/ttranslate.c
Examining data/gtkwave-3.3.104/src/edgebuttons.c
Examining data/gtkwave-3.3.104/src/mouseover.c
Examining data/gtkwave-3.3.104/src/tcl_callbacks.h
Examining data/gtkwave-3.3.104/src/ttranslate.h
Examining data/gtkwave-3.3.104/src/showchange.c
Examining data/gtkwave-3.3.104/src/edgebuttons.h
Examining data/gtkwave-3.3.104/src/mouseover.h
Examining data/gtkwave-3.3.104/src/showchange.h
Examining data/gtkwave-3.3.104/src/fst.c
Examining data/gtkwave-3.3.104/src/gtk12compat.h
Examining data/gtkwave-3.3.104/src/fst.h
Examining data/gtkwave-3.3.104/src/entry.c
Examining data/gtkwave-3.3.104/src/cocoa/cocoa_misc.c
Examining data/gtkwave-3.3.104/src/cocoa/cocoa_misc.h
Examining data/gtkwave-3.3.104/src/cocoa/alert_sheet.h
Examining data/gtkwave-3.3.104/src/tcl_commands.c
Examining data/gtkwave-3.3.104/src/rc.c
Examining data/gtkwave-3.3.104/src/clipping.c
Examining data/gtkwave-3.3.104/src/entry.h
Examining data/gtkwave-3.3.104/src/bsearch.c
Examining data/gtkwave-3.3.104/src/rc.h
Examining data/gtkwave-3.3.104/src/clipping.h
Examining data/gtkwave-3.3.104/src/ghwlib.c
Examining data/gtkwave-3.3.104/src/bsearch.h
Examining data/gtkwave-3.3.104/src/jrb.c
Examining data/gtkwave-3.3.104/src/libz/crc32.h
Examining data/gtkwave-3.3.104/src/libz/inflate.c
Examining data/gtkwave-3.3.104/src/libz/trees.c
Examining data/gtkwave-3.3.104/src/libz/uncompr.c
Examining data/gtkwave-3.3.104/src/libz/zconf.h
Examining data/gtkwave-3.3.104/src/libz/inftrees.h
Examining data/gtkwave-3.3.104/src/libz/inflate.h
Examining data/gtkwave-3.3.104/src/libz/trees.h
Examining data/gtkwave-3.3.104/src/libz/gzguts.h
Examining data/gtkwave-3.3.104/src/libz/inffast.c
Examining data/gtkwave-3.3.104/src/libz/gzwrite.c
Examining data/gtkwave-3.3.104/src/libz/compress.c
Examining data/gtkwave-3.3.104/src/libz/example.c
Examining data/gtkwave-3.3.104/src/libz/adler32.c
Examining data/gtkwave-3.3.104/src/libz/infback.c
Examining data/gtkwave-3.3.104/src/libz/inffast.h
Examining data/gtkwave-3.3.104/src/libz/inffixed.h
Examining data/gtkwave-3.3.104/src/libz/deflate.c
Examining data/gtkwave-3.3.104/src/libz/zlib.h
Examining data/gtkwave-3.3.104/src/libz/gzclose.c
Examining data/gtkwave-3.3.104/src/libz/gzlib.c
Examining data/gtkwave-3.3.104/src/libz/zutil.c
Examining data/gtkwave-3.3.104/src/libz/deflate.h
Examining data/gtkwave-3.3.104/src/libz/gzread.c
Examining data/gtkwave-3.3.104/src/libz/crc32.c
Examining data/gtkwave-3.3.104/src/libz/zutil.h
Examining data/gtkwave-3.3.104/src/libz/inftrees.c
Examining data/gtkwave-3.3.104/src/file.c
Examining data/gtkwave-3.3.104/src/ghwlib.h
Examining data/gtkwave-3.3.104/src/jrb.h
Examining data/gtkwave-3.3.104/src/file.h
Examining data/gtkwave-3.3.104/src/pipeio.c
Examining data/gtkwave-3.3.104/src/ghw.c
Examining data/gtkwave-3.3.104/src/debug.c
Examining data/gtkwave-3.3.104/src/help.c
Examining data/gtkwave-3.3.104/src/pipeio.h
Examining data/gtkwave-3.3.104/src/ghw.h
Examining data/gtkwave-3.3.104/src/fgetdynamic.c
Examining data/gtkwave-3.3.104/src/debug.h
Examining data/gtkwave-3.3.104/src/help.h
Examining data/gtkwave-3.3.104/src/translate.c
Examining data/gtkwave-3.3.104/src/fgetdynamic.h
Examining data/gtkwave-3.3.104/src/vlist.c
Examining data/gtkwave-3.3.104/src/translate.h
Examining data/gtkwave-3.3.104/src/vcd_keywords.c
Examining data/gtkwave-3.3.104/src/lx2.c
Examining data/gtkwave-3.3.104/src/signalwindow.c
Examining data/gtkwave-3.3.104/src/vlist.h
Examining data/gtkwave-3.3.104/src/liblzma/LzmaLib.c
Examining data/gtkwave-3.3.104/src/liblzma/LzmaLib.h
Examining data/gtkwave-3.3.104/src/signalwindow.h
Examining data/gtkwave-3.3.104/src/lx2.h
Examining data/gtkwave-3.3.104/src/fsdb_wrapper_api.h
Examining data/gtkwave-3.3.104/src/color.c
Examining data/gtkwave-3.3.104/src/tcl_helper.c
Examining data/gtkwave-3.3.104/src/gnu_regex.c
Examining data/gtkwave-3.3.104/src/color.h
Examining data/gtkwave-3.3.104/src/tcl_helper.h
Examining data/gtkwave-3.3.104/src/gnu_regex.h
Examining data/gtkwave-3.3.104/src/markerbox.c
Examining data/gtkwave-3.3.104/src/shiftbuttons.c
Examining data/gtkwave-3.3.104/src/markerbox.h
Examining data/gtkwave-3.3.104/src/shiftbuttons.h
Examining data/gtkwave-3.3.104/src/menu.c
Examining data/gtkwave-3.3.104/src/menu.h
Examining data/gtkwave-3.3.104/src/bitvec.c
Examining data/gtkwave-3.3.104/src/pixmaps.c
Examining data/gtkwave-3.3.104/src/logfile.c
Examining data/gtkwave-3.3.104/src/busy.c
Examining data/gtkwave-3.3.104/src/getopt1.c
Examining data/gtkwave-3.3.104/src/analyzer.c
Examining data/gtkwave-3.3.104/src/logfile.h
Examining data/gtkwave-3.3.104/src/pixmaps.h
Examining data/gtkwave-3.3.104/src/busy.h
Examining data/gtkwave-3.3.104/src/analyzer.h
Examining data/gtkwave-3.3.104/src/pagebuttons.c
Examining data/gtkwave-3.3.104/src/gnu-getopt.h
Examining data/gtkwave-3.3.104/src/pagebuttons.h
Examining data/gtkwave-3.3.104/src/extload.c
Examining data/gtkwave-3.3.104/src/regex_wave.h
Examining data/gtkwave-3.3.104/src/extload.h
Examining data/gtkwave-3.3.104/src/ae2.c
Examining data/gtkwave-3.3.104/src/fetchbuttons.c
Examining data/gtkwave-3.3.104/src/regex.c
Examining data/gtkwave-3.3.104/src/ae2.h
Examining data/gtkwave-3.3.104/src/fetchbuttons.h
Examining data/gtkwave-3.3.104/src/ptranslate.c
Examining data/gtkwave-3.3.104/src/vcd_recoder.c
Examining data/gtkwave-3.3.104/src/strace.c
Examining data/gtkwave-3.3.104/src/ptranslate.h
Examining data/gtkwave-3.3.104/src/strace.h
Examining data/gtkwave-3.3.104/src/hierpack.c
Examining data/gtkwave-3.3.104/src/discardbuttons.c
Examining data/gtkwave-3.3.104/src/splash.c
Examining data/gtkwave-3.3.104/src/version.h
Examining data/gtkwave-3.3.104/src/hierpack.h
Examining data/gtkwave-3.3.104/src/print.c
Examining data/gtkwave-3.3.104/src/tcl_support_commands.c
Examining data/gtkwave-3.3.104/src/print.h
Examining data/gtkwave-3.3.104/src/tcl_support_commands.h
Examining data/gtkwave-3.3.104/src/mouseover_sigs.c
Examining data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc
Examining data/gtkwave-3.3.104/src/treesearch_gtk1.c
Examining data/gtkwave-3.3.104/src/baseconvert.c
Examining data/gtkwave-3.3.104/src/mouseover_sigs.h
Examining data/gtkwave-3.3.104/src/baseconvert.h
Examining data/gtkwave-3.3.104/src/helpers/evcd2vcd.c
Examining data/gtkwave-3.3.104/src/helpers/vzt2vcd.c
Examining data/gtkwave-3.3.104/src/helpers/vcd2vzt.c
Examining data/gtkwave-3.3.104/src/helpers/lxt2_write.c
Examining data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c
Examining data/gtkwave-3.3.104/src/helpers/lxt2_write.h
Examining data/gtkwave-3.3.104/src/helpers/vcd2fst.c
Examining data/gtkwave-3.3.104/src/helpers/fst2vcd.c
Examining data/gtkwave-3.3.104/src/helpers/vzt_read.c
Examining data/gtkwave-3.3.104/src/helpers/vztminer.c
Examining data/gtkwave-3.3.104/src/helpers/lxt_write.c
Examining data/gtkwave-3.3.104/src/helpers/v2l_debug_lxt2.c
Examining data/gtkwave-3.3.104/src/helpers/vzt_read.h
Examining data/gtkwave-3.3.104/src/helpers/lxt_write.h
Examining data/gtkwave-3.3.104/src/helpers/v2l_debug_lxt2.h
Examining data/gtkwave-3.3.104/src/helpers/vzt_write.c
Examining data/gtkwave-3.3.104/src/helpers/vzt_write.h
Examining data/gtkwave-3.3.104/src/helpers/v2l_debug.c
Examining data/gtkwave-3.3.104/src/helpers/ghwdump.c
Examining data/gtkwave-3.3.104/src/helpers/fst/lz4.c
Examining data/gtkwave-3.3.104/src/helpers/fst/fstapi.h
Examining data/gtkwave-3.3.104/src/helpers/fst/lz4.h
Examining data/gtkwave-3.3.104/src/helpers/fst/fastlz.c
Examining data/gtkwave-3.3.104/src/helpers/fst/fstapi.c
Examining data/gtkwave-3.3.104/src/helpers/fst/fastlz.h
Examining data/gtkwave-3.3.104/src/helpers/v2l_analyzer.h
Examining data/gtkwave-3.3.104/src/helpers/v2l_debug.h
Examining data/gtkwave-3.3.104/src/helpers/scopenav.c
Examining data/gtkwave-3.3.104/src/helpers/lxt2_read.c
Examining data/gtkwave-3.3.104/src/helpers/lxt2miner.c
Examining data/gtkwave-3.3.104/src/helpers/lxt2vcd.c
Examining data/gtkwave-3.3.104/src/helpers/vcd2lxt.c
Examining data/gtkwave-3.3.104/src/helpers/v2l_analyzer_lxt2.h
Examining data/gtkwave-3.3.104/src/helpers/fstminer.c
Examining data/gtkwave-3.3.104/src/helpers/lxt2_read.h
Examining data/gtkwave-3.3.104/src/helpers/shmidcat.c
Examining data/gtkwave-3.3.104/src/main.c
Examining data/gtkwave-3.3.104/src/treesearch.c
Examining data/gtkwave-3.3.104/src/main.h
Examining data/gtkwave-3.3.104/src/fonts.c
Examining data/gtkwave-3.3.104/src/treesearch.h
Examining data/gtkwave-3.3.104/src/wavewindow.c
Examining data/gtkwave-3.3.104/src/fonts.h
Examining data/gtkwave-3.3.104/src/savefile.c
Examining data/gtkwave-3.3.104/src/wavewindow.h
Examining data/gtkwave-3.3.104/src/getopt.c
Examining data/gtkwave-3.3.104/src/savefile.h
Examining data/gtkwave-3.3.104/src/twinwave.c
Examining data/gtkwave-3.3.104/src/tcl_np.c
Examining data/gtkwave-3.3.104/src/timeentry.c
Examining data/gtkwave-3.3.104/src/tree_component.c
Examining data/gtkwave-3.3.104/src/vzt.c
Examining data/gtkwave-3.3.104/src/wavealloca.h
Examining data/gtkwave-3.3.104/src/status.c
Examining data/gtkwave-3.3.104/src/globals.c
Examining data/gtkwave-3.3.104/src/tcl_np.h
Examining data/gtkwave-3.3.104/src/timeentry.h
Examining data/gtkwave-3.3.104/src/tree_component.h
Examining data/gtkwave-3.3.104/src/status.h
Examining data/gtkwave-3.3.104/src/vzt.h
Examining data/gtkwave-3.3.104/src/globals.h
Examining data/gtkwave-3.3.104/src/gconf.c
Examining data/gtkwave-3.3.104/src/tree.c
Examining data/gtkwave-3.3.104/src/simplereq.c
Examining data/gtkwave-3.3.104/src/currenttime.c
Examining data/gtkwave-3.3.104/src/renderopt.c
Parsing failed to find end of parameter list; semicolon terminated it in (sysname, "pstopdf" /* 7 */
#else
sprintf(sysname, "ps2pdf" /* 6 */
#endif
" " /* 1 */
"%s" /* len + 3 */
" " /* 1 */
"%s" /* len */
, zname, *GLOBALS->fileselbox_
Examining data/gtkwave-3.3.104/src/zoombuttons.c
Examining data/gtkwave-3.3.104/src/tree.h
Examining data/gtkwave-3.3.104/src/search.c
Examining data/gtkwave-3.3.104/src/simplereq.h
Examining data/gtkwave-3.3.104/src/currenttime.h
Examining data/gtkwave-3.3.104/src/renderopt.h
Examining data/gtkwave-3.3.104/src/zoombuttons.h
Examining data/gtkwave-3.3.104/src/search.h
Examining data/gtkwave-3.3.104/src/treesearch_gtk2.c
Examining data/gtkwave-3.3.104/src/vcd_saver.c
Examining data/gtkwave-3.3.104/src/hiersearch.c
Examining data/gtkwave-3.3.104/src/vcd_saver.h
Examining data/gtkwave-3.3.104/src/hiersearch.h
Examining data/gtkwave-3.3.104/src/vcd_partial.c
Examining data/gtkwave-3.3.104/src/vcd_partial.h
Examining data/gtkwave-3.3.104/src/interp.c
Examining data/gtkwave-3.3.104/src/libbz2/compress.c
Examining data/gtkwave-3.3.104/src/libbz2/randtable.c
Examining data/gtkwave-3.3.104/src/libbz2/crctable.c
Examining data/gtkwave-3.3.104/src/libbz2/bzlib_private.h
Examining data/gtkwave-3.3.104/src/libbz2/blocksort.c
Examining data/gtkwave-3.3.104/src/libbz2/bzlib.c
Examining data/gtkwave-3.3.104/src/libbz2/decompress.c
Examining data/gtkwave-3.3.104/src/libbz2/huffman.c
Examining data/gtkwave-3.3.104/src/libbz2/bzlib.h
Examining data/gtkwave-3.3.104/src/symbol.c
Examining data/gtkwave-3.3.104/src/interp.h
Examining data/gtkwave-3.3.104/src/gconf.h
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/tree_widget.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/jrb.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/vlex.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/tcl_helper.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/jrb.h
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/vlex.h
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/wavelink.h
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/splay.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/fgetdynamic.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/splay.h
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/definehash.c
Examining data/gtkwave-3.3.104/contrib/rtlbrowse/fgetdynamic.h
Examining data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c
Examining data/gtkwave-3.3.104/contrib/fst_jni/fstAPI.c
Examining data/gtkwave-3.3.104/contrib/fst_jni/fstAPI.h
Examining data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc
Examining data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc
Examining data/gtkwave-3.3.104/contrib/vpi/acc_user.h
Examining data/gtkwave-3.3.104/contrib/vpi/sys_fst.c
Examining data/gtkwave-3.3.104/contrib/vpi/vpi_user.h
FINAL RESULTS:
data/gtkwave-3.3.104/src/tcl_helper.c:3105:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
n = readlink("/proc/self/exe", commandName, 256) ;
data/gtkwave-3.3.104/src/tcl_np.c:254:15: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
length = readlink("/proc/self/exe", path, path_max_len);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:617:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpspace, "%s%c%s", P_tmpdir, slash, backpath);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1007:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(singlist + title_len, node->key.s);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1013:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mlist + mlen, singlist);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1150:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s2, "%s.%s", t->ctx->which->fullname, s);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1940:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w->text, pnt);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1956:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Marker time for '%s' is %s.\n", anno_ctx->aet_name,
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2204:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pfx, title);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2369:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pfx, title);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2557:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pfx, title);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2601:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pfx, tstr+1);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(compname_full, compname_build);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:125:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(compname_full + cnl + 1, compname);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:137:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(txt2, txt);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:332:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(ln+8, "%s %s %s %s %s", cname, scratch, mname, scratch, pname);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:361:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(ln+3, "%s %s %s %s %s %d %s %d", scratch, mname, scratch, fname, scratch, &s_line, scratch, &e_line);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:442:1: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:454:1: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/gtkwave-3.3.104/contrib/vpi/sys_fst.c:493:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(n2, "%s [%d]", name, irrange);
data/gtkwave-3.3.104/contrib/vpi/sys_fst.c:497:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(n2, "%s [%d][%d:0]", name, irrange, siz/len-1);
data/gtkwave-3.3.104/contrib/vpi/sys_fst.c:502:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(n2, "%s [%d:%d]", name, ilrange, irrange);
data/gtkwave-3.3.104/contrib/vpi/sys_fst.c:506:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(n2, "%s [%d:%d][%d:0]", name, ilrange, irrange, siz/len-1);
data/gtkwave-3.3.104/examples/transaction.c:170:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(pnt + 9, "%"SCNu64, &min_time);
data/gtkwave-3.3.104/examples/transaction.c:176:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(pnt + 9, "%"SCNu64, &max_time);
data/gtkwave-3.3.104/examples/transaction.c:281:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(evt->name, buf);
data/gtkwave-3.3.104/src/ae2.c:105:1: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/gtkwave-3.3.104/src/ae2.c:118:1: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/gtkwave-3.3.104/src/ae2.c:131:1: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/gtkwave-3.3.104/src/ae2.c:491:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Encountered %lu aliases referencing %lu facs.\n", GLOBALS->ae2_num_aliases, fn);
data/gtkwave-3.3.104/src/ae2.c:527:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Warning: Reduced array %s to %d rows.\n", buf, AE2_MAX_ROWS);
data/gtkwave-3.3.104/src/ae2.c:632:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Finished building %d facs.\n", match_idx);
data/gtkwave-3.3.104/src/ae2.c:702:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(!GLOBALS->do_hier_compress) strcpy(str, buf);
data/gtkwave-3.3.104/src/ae2.c:726:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(!GLOBALS->do_hier_compress) strcpy(str, buf);
data/gtkwave-3.3.104/src/ae2.c:801:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/ae2.c:815:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Sorting facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/ae2.c:841:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Sorting facilities at hierarchy boundaries.\n");
data/gtkwave-3.3.104/src/ae2.c:861:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/ae2.c:939:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"["TTFormat"] start time.\n"AET2_RDLOAD"["TTFormat"] end time.\n", GLOBALS->min_time, GLOBALS->max_time);
data/gtkwave-3.3.104/src/ae2.c:1059:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(np->mv.value, buf);
data/gtkwave-3.3.104/src/ae2.c:1082:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(np->mv.value, buf);
data/gtkwave-3.3.104/src/ae2.c:1104:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(np->mv.value, buf);
data/gtkwave-3.3.104/src/ae2.c:1249:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(npr->mv.value, buf);
data/gtkwave-3.3.104/src/ae2.c:1282:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(npr->mv.value, buf);
data/gtkwave-3.3.104/src/ae2.c:1388:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Skipping array: %s (%d rows)\n", str, f->row);
data/gtkwave-3.3.104/src/ae2.c:1515:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, AET2_RDLOAD"Extracting %d traces\n", cnt);
data/gtkwave-3.3.104/src/analyzer.c:525:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alias,aliasname);
data/gtkwave-3.3.104/src/baseconvert.c:187:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf15);
data/gtkwave-3.3.104/src/baseconvert.c:234:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bigbuf, "%s"TTFormat".%s", negflag ? "-" : "", lpart, dot+1);
data/gtkwave-3.3.104/src/baseconvert.c:240:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(os, "%s"TTFormat, negflag ? "-" : "", lpart);
data/gtkwave-3.3.104/src/baseconvert.c:267:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bigbuf, UTTFormat".%s", lpart, dot+1);
data/gtkwave-3.3.104/src/baseconvert.c:273:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(os, UTTFormat, lpart);
data/gtkwave-3.3.104/src/baseconvert.c:723:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(os, TTFormat, val);
data/gtkwave-3.3.104/src/baseconvert.c:829:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(os, UTTFormat, val);
data/gtkwave-3.3.104/src/baseconvert.c:909:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rv, s);
data/gtkwave-3.3.104/src/baseconvert.c:1471:33: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(os, TTFormat, val);
data/gtkwave-3.3.104/src/baseconvert.c:1578:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(os, UTTFormat, val);
data/gtkwave-3.3.104/src/baseconvert.c:1607:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, GLOBALS->xl_file_filter[t->f_filter]->trans);
data/gtkwave-3.3.104/src/baseconvert.c:1618:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2a, s2);
data/gtkwave-3.3.104/src/baseconvert.c:1639:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, *pv);
data/gtkwave-3.3.104/src/baseconvert.c:1648:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, GLOBALS->xl_enum_filter[filt]->trans);
data/gtkwave-3.3.104/src/baseconvert.c:1721:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, buf);
data/gtkwave-3.3.104/src/baseconvert.c:1733:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2a, s2);
data/gtkwave-3.3.104/src/baseconvert.c:1789:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2a, s2);
data/gtkwave-3.3.104/src/bitvec.c:53:51: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(!strcmp(s1, s2)) { s = malloc_2(strlen(s1)+1); strcpy(s, s1); return(s); }
data/gtkwave-3.3.104/src/bitvec.c:393:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *)vadd->v, ghw_str);
data/gtkwave-3.3.104/src/bitvec.c:397:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *)vadd->v, h[i]->v.h_vector);
data/gtkwave-3.3.104/src/bitvec.c:449:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bitvec->bvname=(char *)malloc_2(strlen(b->name)+1),b->name);
data/gtkwave-3.3.104/src/bitvec.c:526:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2, str);
data/gtkwave-3.3.104/src/bitvec.c:677:57: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ns, "%s[%d]", wild+i, actual);
data/gtkwave-3.3.104/src/bitvec.c:738:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:789:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(wild, "%"TRACEFLAGSSCNFMT, &ba[nodepnt-1].flags);
data/gtkwave-3.3.104/src/bitvec.c:852:57: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ns, "%s[%d]", wild+i, actual);
data/gtkwave-3.3.104/src/bitvec.c:907:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:954:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:1053:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:1102:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(l1+1),s1);
data/gtkwave-3.3.104/src/bitvec.c:1139:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b->name+root1len-1,"[%s:%s]",s1+root1len, s2+root2len);
data/gtkwave-3.3.104/src/bitvec.c:1167:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b->name+root1len-1,"[%s]",s1+root1len);
data/gtkwave-3.3.104/src/bitvec.c:1263:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:1320:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(l1+1),s1);
data/gtkwave-3.3.104/src/bitvec.c:1344:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b->name+root1len-1,"[%s:%s]",s1+root1len, s2+root2len);
data/gtkwave-3.3.104/src/bitvec.c:1359:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(b->name+root1len-1,"[%s]",s1+root1len);
data/gtkwave-3.3.104/src/bitvec.c:1760:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name=(char *)malloc_2(l1+1),s1);
data/gtkwave-3.3.104/src/bitvec.c:1797:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name+root1len-1,"[%s:%s]",s1+root1len, s2+root2len);
data/gtkwave-3.3.104/src/bitvec.c:1825:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name+root1len-1,"[%s]",s1+root1len);
data/gtkwave-3.3.104/src/bitvec.c:2018:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(narray[i]->nname, nam);
data/gtkwave-3.3.104/src/bitvec.c:2282:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(np->nname, nam);
data/gtkwave-3.3.104/src/currenttime.c:73:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, sfx);
data/gtkwave-3.3.104/src/currenttime.c:76:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, buf);
data/gtkwave-3.3.104/src/currenttime.c:252:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, TTFormat" %cs", val, time_prefix[i]);
data/gtkwave-3.3.104/src/currenttime.c:256:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, TTFormat" sec", val);
data/gtkwave-3.3.104/src/currenttime.c:334:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, TTFormat" %cs", val, time_prefix[i]);
data/gtkwave-3.3.104/src/currenttime.c:338:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, TTFormat" sec", val);
data/gtkwave-3.3.104/src/currenttime.c:448:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, TTFormat"%c%cs", val, blackout, time_prefix[i]);
data/gtkwave-3.3.104/src/currenttime.c:452:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, TTFormat"%csec", val, blackout);
data/gtkwave-3.3.104/src/debug.c:50:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("date");
data/gtkwave-3.3.104/src/debug.c:73:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("date");
data/gtkwave-3.3.104/src/debug.c:86:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("date");
data/gtkwave-3.3.104/src/debug.c:102:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("date");
data/gtkwave-3.3.104/src/debug.c:596:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpspace, "%s%c%s", P_tmpdir, slash, backpath);
data/gtkwave-3.3.104/src/debug.c:622:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, pfx);
data/gtkwave-3.3.104/src/debug.c:623:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, title);
data/gtkwave-3.3.104/src/debug.c:632:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "[Loading %d%%] %s", pct, title);
data/gtkwave-3.3.104/src/debug.h:76:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/gtkwave-3.3.104/src/entry.c:52:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy((GLOBALS->entrybox_text=(char *)malloc_2(len+1)),entry_text);
data/gtkwave-3.3.104/src/entry.c:115:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy((GLOBALS->entrybox_text=(char *)malloc_2(len+1)),out_text_entry);
data/gtkwave-3.3.104/src/extload.c:184:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"stat error on '%s'\n", GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/extload.c:193:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"file '%s' was modified!\n", GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/extload.c:245:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(rc+14,"%s", sbuff2);
data/gtkwave-3.3.104/src/extload.c:248:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rc, "Scope: vcd_struct %s NULL\n", sbuff2);
data/gtkwave-3.3.104/src/extload.c:578:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(rc+6, "%s %s %s", vht, cname, ctype);
data/gtkwave-3.3.104/src/extload.c:672:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS]+GLOBALS->extload_hlen+1, fnam);
data/gtkwave-3.3.104/src/extload.c:679:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/extload.c:688:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/extload.c:713:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS]+GLOBALS->extload_hlen+1, fnam);
data/gtkwave-3.3.104/src/extload.c:724:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/extload.c:736:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/extload.c:769:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/extload.c:805:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/extload.c:845:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, GLOBALS->extload_namecache[i&F_NAME_MODULUS]);
data/gtkwave-3.3.104/src/extload.c:945:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"End tree #%d: %d vs %d symbols\n", GLOBALS->extload_curr_tree, GLOBALS->extload_i + 1, GLOBALS->numfacs);
data/gtkwave-3.3.104/src/extload.c:950:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Max tree count of %d processed, freeing extra memory.\n", GLOBALS->extload_max_tree);
data/gtkwave-3.3.104/src/extload.c:1283:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(fnam) strcpy(fnam_prev, fnam);
data/gtkwave-3.3.104/src/extload.c:1290:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS]+GLOBALS->extload_hlen+1, fnam);
data/gtkwave-3.3.104/src/extload.c:1298:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/extload.c:1324:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS]+GLOBALS->extload_hlen+1, fnam);
data/gtkwave-3.3.104/src/extload.c:1336:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/extload.c:1370:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/extload.c:1384:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(fnam) strcpy(fnam_prev, fnam);
data/gtkwave-3.3.104/src/extload.c:1413:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/extload.c:1437:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(fnam) strcpy(fnam_prev, fnam);
data/gtkwave-3.3.104/src/extload.c:1461:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, GLOBALS->extload_namecache[i&F_NAME_MODULUS]);
data/gtkwave-3.3.104/src/extload.c:1481:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(fnam) strcpy(fnam_prev, fnam);
data/gtkwave-3.3.104/src/extload.c:1565:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"End tree #%d: %d vs %d symbols\n", GLOBALS->extload_curr_tree, GLOBALS->extload_i + 1, GLOBALS->numfacs);
data/gtkwave-3.3.104/src/extload.c:1570:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Max tree count of %d processed, freeing extra memory.\n", GLOBALS->extload_max_tree);
data/gtkwave-3.3.104/src/extload.c:1681:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Could not initialize '%s' properly.\n", fname);
data/gtkwave-3.3.104/src/extload.c:1688:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Could not initialize '%s' properly.\n", fname);
data/gtkwave-3.3.104/src/extload.c:1697:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuff, "%s -info %s 2>&1", EXTLOAD_PATH, fname);
data/gtkwave-3.3.104/src/extload.c:1698:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GLOBALS->extload = popen(sbuff, "r");
data/gtkwave-3.3.104/src/extload.c:1814:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Could not initialize '%s' properly.\n", fname);
data/gtkwave-3.3.104/src/extload.c:1817:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"File is not finished dumping.\n");
data/gtkwave-3.3.104/src/extload.c:1902:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuff, "%s -hier_tree %s 2>&1", EXTLOAD_PATH, fname);
data/gtkwave-3.3.104/src/extload.c:1903:20: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GLOBALS->extload = popen(sbuff, "r");
data/gtkwave-3.3.104/src/extload.c:1954:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/extload.c:1968:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Sorting facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/extload.c:1998:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Sorting facilities at hierarchy boundaries.\n");
data/gtkwave-3.3.104/src/extload.c:2018:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/extload.c:2130:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, *value);
data/gtkwave-3.3.104/src/extload.c:2201:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, EXTLOAD"Import: %s\n", np->nname);
data/gtkwave-3.3.104/src/extload.c:2258:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuff, "%s -vc -vidcode %d %s 2>&1", EXTLOAD_PATH, txidx_in_trace, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/extload.c:2259:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GLOBALS->extload = popen(sbuff, "r");
data/gtkwave-3.3.104/src/fgetdynamic.c:77:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s3, s2);
data/gtkwave-3.3.104/src/fgetdynamic.c:112:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pnt, w->curr->payload);
data/gtkwave-3.3.104/src/file.c:82:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->pFileChooseFilterName, t);
data/gtkwave-3.3.104/src/file.c:124:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*GLOBALS->fileselbox_text, allocbuf);
data/gtkwave-3.3.104/src/file.c:188:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lpstrFilter, "%s%c%s%c", "All", 0, "*.*", 0);
data/gtkwave-3.3.104/src/file.c:193:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lpstrFilter, "%s%c%s%c%s%c%s%c", pattn, 0, pattn, 0, "All", 0, "*.*", 0); /* cppcheck */
data/gtkwave-3.3.104/src/file.c:214:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szPath, szFile);
data/gtkwave-3.3.104/src/file.c:263:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*GLOBALS->fileselbox_text, szFile);
data/gtkwave-3.3.104/src/file.c:264:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*GLOBALS->fileselbox_text + szlen, suf_str);
data/gtkwave-3.3.104/src/file.c:407:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*GLOBALS->fileselbox_text, can);
data/gtkwave-3.3.104/src/file.c:413:91: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#warning Absolute file path warnings might be issued by the file chooser dialogue on this system!
data/gtkwave-3.3.104/src/file.c:559:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*GLOBALS->fileselbox_text, allocbuf);
data/gtkwave-3.3.104/src/file.c:570:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suffix, pattn);
data/gtkwave-3.3.104/src/file.c:595:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2, s);
data/gtkwave-3.3.104/src/file.c:596:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s2, suffix);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:520:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bf, "Scope: %s %s %s", type, scope->name, scope->module ? scope->module : "NULL");
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:781:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bf, "Scope: vcd_struct %s %s", str->name, "NULL");
data/gtkwave-3.3.104/src/fst.c:349:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Max number (%d) of type attributes reached, please increase WAVE_VARXT_MAX_ID.\n", WAVE_VARXT_MAX_ID);
data/gtkwave-3.3.104/src/fst.c:505:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Internal error, nonsequential enum tables definition encountered, exiting.\n");
data/gtkwave-3.3.104/src/fst.c:622:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Processing %d facs.\n", GLOBALS->numfacs);
data/gtkwave-3.3.104/src/fst.c:705:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Exiting, missing or malformed names table encountered.\n");
data/gtkwave-3.3.104/src/fst.c:1177:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Built %d signal%s and %d alias%s.\n",
data/gtkwave-3.3.104/src/fst.c:1186:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/fst.c:1193:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Sorting facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/fst.c:1223:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Sorting facilities at hierarchy boundaries.\n");
data/gtkwave-3.3.104/src/fst.c:1243:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/fst.c:1280:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"DUPLICATE FAC: '%s'\n", GLOBALS->facs[i]->name);
data/gtkwave-3.3.104/src/fst.c:1287:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Exiting, %d duplicate signals are present.\n", num_dups);
data/gtkwave-3.3.104/src/fst.c:1763:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int rc = sscanf(pnt, "%lg %lg %"SCNu64" %"SCNu64" %s", &m, &b, &xs, &xe, vs);
data/gtkwave-3.3.104/src/fst.c:1862:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_RDLOAD"Extracting %d traces\n", cnt);
data/gtkwave-3.3.104/src/gconf.c:567:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
int len = sprintf(ks, WAVE_GCONF_DIR"/%d", wave_rpc_id);
data/gtkwave-3.3.104/src/gconf.c:628:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(ks, WAVE_GCONF_DIR"/%d%s", wave_rpc_id, key);
data/gtkwave-3.3.104/src/gconf.c:642:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(ks, WAVE_GCONF_DIR"/%d%s", wave_rpc_id, key);
data/gtkwave-3.3.104/src/ghw.c:422:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res->name, (char *)pfx);
data/gtkwave-3.3.104/src/ghw.c:449:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (GLOBALS->asbuf, "%s]", pfx);
data/gtkwave-3.3.104/src/ghw.c:479:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(GLOBALS->asbuf, "%s%c"GHWPRI32,
data/gtkwave-3.3.104/src/ghw.c:510:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(GLOBALS->asbuf, "%s%c"GHWPRI32,
data/gtkwave-3.3.104/src/ghw.c:541:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(GLOBALS->asbuf, "%s%c"GHWPRI32,
data/gtkwave-3.3.104/src/ghw.c:598:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res->name, (char *)pfx);
data/gtkwave-3.3.104/src/ghw.c:608:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res->name, (char *)pfx);
data/gtkwave-3.3.104/src/ghw.c:690:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->name, (char *)hie->name);
data/gtkwave-3.3.104/src/ghw.c:1281:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->name, base_hier); /* scan-build false warning here, thinks name[1] is total length */
data/gtkwave-3.3.104/src/ghwlib.c:38:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
h->stream = popen(p, "r");
data/gtkwave-3.3.104/src/ghwlib.c:1542:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (GHWPRI32, val->i32);
data/gtkwave-3.3.104/src/ghwlib.c:1545:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (GHWPRI64, val->i64);
data/gtkwave-3.3.104/src/ghwlib.c:1590:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (buf, len, GHWPRI32, val->i32);
data/gtkwave-3.3.104/src/ghwlib.c:1593:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf (buf, len, GHWPRI64, val->i64);
data/gtkwave-3.3.104/src/ghwlib.c:1959:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (GHWPRI32 " %s " GHWPRI32,
data/gtkwave-3.3.104/src/ghwlib.c:1964:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (GHWPRI64 " %s " GHWPRI64,
data/gtkwave-3.3.104/src/globals.c:1432:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, o);
data/gtkwave-3.3.104/src/gnu_regex.c:629:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUG_PRINT1(x) if (debug) printf (x)
data/gtkwave-3.3.104/src/gnu_regex.c:630:42: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUG_PRINT2(x1, x2) if (debug) printf (x1, x2)
data/gtkwave-3.3.104/src/gnu_regex.c:631:46: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUG_PRINT3(x1, x2, x3) if (debug) printf (x1, x2, x3)
data/gtkwave-3.3.104/src/gnu_regex.c:632:50: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUG_PRINT4(x1, x2, x3, x4) if (debug) printf (x1, x2, x3, x4)
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:479:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, optarg);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:508:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:211:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "GetTempPath() failed in " __FILE__ " line %d, exiting.\n", __LINE__);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:219:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "GetTempFileName() failed in " __FILE__ " line %d, exiting.\n", __LINE__);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:828:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "Seek to #%" PRId64 " (whence = %d) failed!\n", offset, whence);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:946:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vbuf, FST_WRITER_STR);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:952:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbuf, asctime(localtime(&walltime)));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1709:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "value chains: %d\n", cnt);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1785:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "<< dump file size limit reached, stopping dumping >>\n");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2126:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fnam, "%s.hier", xc->filename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2158:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hf, xc->filename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2221:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hf, xc->filename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2365:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path2, path);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2539:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstWriterSetParallelMode(), FST_WRITER_PARALLEL not enabled during compile, exiting.\n");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2805:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
elem_count_len = sprintf(elem_count_buf, "%" PRIu32, elem_count);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2864:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstWriterCreateEnumTable() total_len: %d, pos: %d\n", total_len, pos);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2865:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "*%s*\n", attr_str);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2926:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "Could not realloc() in fstWriterEmitValueChange, exiting.\n");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3052:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3101:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3161:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "Could not realloc() in fstWriterEmitVariableLengthValueChange, exiting.\n");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3406:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "Seek to #%" PRId64 " (whence = %d) failed!\n", offset, whence);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3545:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xc->curr_flat_hier_nam + chl + 1, nam);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3549:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xc->curr_flat_hier_nam, nam);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3911:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fnam, "%s.hier_%d_%p", xc->filename, getpid(), (void *)xc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4542:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hf, "%s.upk_%d_%p", xc->filename, getpid(), (void *)xc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4726:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderInit(), geom uncompress rc = %d, exiting.\n", rc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5017:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "<< EOF >>\n");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5056:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "sec: %u seclen: %d begtim: %d endtim: %d\n",
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5058:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "mem_required_for_traversal: %d\n", (int)mem_required_for_traversal);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5076:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "time section unc: %d, com: %d (%d items)\n",
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5096:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderIterBlocks2(), tsec uncompress rc = %d, exiting.\n", rc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5152:58: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wx_len = sprintf(wx_buf, "$dump%s $end\n", (xc->blackout_activity[cur_blackout++]) ? "on" : "off");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5174:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderIterBlocks2(), frame uncompress rc: %d, exiting.\n", rc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5314:82: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wx_len = sprintf(wx_buf, "r%.16g %s\n", d, vcdid_buf);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5337:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "frame_uclen: %d, frame_clen: %d, frame_maxhandle: %d\n",
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5339:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "vc_maxhandle: %d, packtype: %c\n", (int)vc_maxhandle, packtype);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5347:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "indx_pos: %d (%d bytes)\n", (int)indx_pos, (int)chain_clen);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5466:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "decompressed chain idx len: %" PRIu32 "\n", idx);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5534:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderIterBlocks2(), fac: %d clen: %d (rc=%d), exiting.\n", (int)i, (int)val, rc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5588:58: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wx_len = sprintf(wx_buf, "$dump%s $end\n", (xc->blackout_activity[cur_blackout++]) ? "on" : "off");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6088:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "rvat sec: %u seclen: %d begtim: %d endtim: %d\n",
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6090:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "mem_required_for_traversal: %d\n", (int)mem_required_for_traversal);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6109:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "time section unc: %d, com: %d (%d items)\n",
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6126:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderGetValueFromHandleAtTime(), tsec uncompress rc = %d, exiting.\n", rc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6174:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderGetValueFromHandleAtTime(), frame decompress rc: %d, exiting.\n", rc);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6185:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "frame_uclen: %d, frame_clen: %d, frame_maxhandle: %d\n",
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6187:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "vc_maxhandle: %d\n", (int)xc->rvat_vc_maxhandle);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6195:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "indx_pos: %d (%d bytes)\n", (int)indx_pos, (int)chain_clen);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6306:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "decompressed chain idx len: %" PRIu32 "\n", idx);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6366:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FST_APIMESS "fstReaderGetValueFromHandleAtTime(), rvat decompress clen: %d (rc=%d), exiting.\n", (int)xc->rvat_chain_len, rc);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:103:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fstname, optarg);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:109:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, optarg);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:138:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fstname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/fstminer.c:299:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/fstminer.c:304:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(match, optarg);
data/gtkwave-3.3.104/src/helpers/fstminer.c:382:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:247:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Internal error: vch(%d) >= num_dict_entries("LXT2_RD_LD")\n", vch, b->num_dict_entries);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:268:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lt->value[idx]+lendelta, b->string_pointers[vch]);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:272:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Internal error "LXT2_RD_LD" ('%s') vs %d ('%s')\n",
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:354:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LXT2_RD_ENC_SUB4: fprintf(stderr, LXT2_RDLOAD"Internal error in granule 0 position 0\n");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:390:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Internal error: vch(%d) >= num_dict_entries("LXT2_RD_LD")\n", vch, b->num_dict_entries);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:428:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lt->value[idx]+lendelta, b->string_pointers[vch]);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:445:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Internal error "LXT2_RD_LD" ('%s') vs %d ('%s')\n",
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:595:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Malformed section\n");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:614:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"dictionary corrupt, exiting\n");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:676:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Map index width of %d is illegal, exiting.\n", lt->fac_map_index_width);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:714:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Curpos index width of %d is illegal, exiting.\n", lt->fac_curpos_width);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:786:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"*** Not an lxt file ***\n");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:793:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"*** Version %d lxt not supported ***\n", version);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:800:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"*** Granule size of %d (>%d) not supported ***\n", lt->granule_size, LXT2_RD_GRANULE_SIZE);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:846:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"*** Nothing to do, zero facilities found.\n");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:852:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD LXT2_RD_LD" facilities\n", lt->numfacs);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:867:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"*** name section mangled %d (act) vs "LXT2_RD_LD" (exp)\n", rc, lt->zfacname_predec_size);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:892:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"*** geometry section mangled %d (act) vs %d (exp)\n", rc, t);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1000:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Read %d block header%s OK\n", lt->numblocks, (lt->numblocks!=1) ? "s" : "");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1002:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"["LXT2_RD_LLD"] start time\n", lt->start);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1003:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"["LXT2_RD_LLD"] end time\n", lt->end);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1004:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"\n");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1493:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"block [%d] processing "LXT2_RD_LLD" / "LXT2_RD_LLD"%s\n", blk, b->start, b->end, gate ? " ..." : "");
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1557:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"short read on subblock %ld vs "LXT2_RD_LD" (exp), ignoring\n", strm.total_out, unclen);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1588:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"short read on block %d vs "LXT2_RD_LD" (exp), ignoring\n", rc, b->uncompressed_siz);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1629:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"block [%d] processed "LXT2_RD_LLD" / "LXT2_RD_LLD"\n", blkfinal, bfinal->start, bfinal->end);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:489:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc((s->namlen=strlen(name))+1),name);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:546:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lt->compress_fac_str, str);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1032:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tname, "%s_%03u.lxt", lt->lxtname, ++lt->break_number);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1663:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vcopy, d_buf);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1743:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vcopy, value);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1814:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vfix, value);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1825:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vfix+lendelta, value);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1965:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vcopy, vpnt);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:226:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:231:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(match, optarg);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:302:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:386:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:392:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, optarg);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:427:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:553:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc((s->namlen=strlen(name))+1),name);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:610:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lt->compress_fac_str, str);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:1934:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vcopy, vpnt);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:2613:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vcopy, vpnt);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:145:33: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(rc+14,"%s", sbuff2);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:148:41: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rc, "Scope: vcd_struct %s NULL\n", sbuff2);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:205:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(rc+6, "%s %s %s", vht, cname, ctype+1);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:255:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cstring, fst_scope_name);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:283:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuff, "%s -info %s 2>&1", EXTLOAD_PATH, fname);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:284:11: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
extload = popen(sbuff, "r");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:297:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sbuff, "%s -tree %s 2>&1", EXTLOAD_PATH, fname);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:298:11: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
extload = popen(sbuff, "r");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:484:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bin_fixbuff, EXTCONV_PATH" %s", vname);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:485:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(bin_fixbuff, "r");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:499:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bin_fixbuff, EXT2CONV_PATH" %s", vname);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:500:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(bin_fixbuff, "r");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:508:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(bin_fixbuff, EXT3CONV_PATH" %s", vname);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:509:8: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(bin_fixbuff, "r");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1013:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cstring, fst_scope_name2);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1082:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(buf+10, "%"SCNd64, &tzero);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1092:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(buf, "%"SCNd64, &tzero);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1628:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ucase_ext, EXTLOAD_SUFFIX);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1633:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ucase_ext, EXT2LOAD_SUFFIX);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1638:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ucase_ext, EXT3LOAD_SUFFIX);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1745:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, optarg);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1751:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1803:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1808:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:255:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:259:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:275:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufold, "%s[%d]", root_v->name, root_v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:276:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:280:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufold, "%s[%d:%d]", root_v->name, root_v->msi, root_v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:281:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:591:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vst, varsplit);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:701:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slisthier+len,s->str);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:705:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slisthier+len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:720:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,str);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:806:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,yytext+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:830:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value+fill,vector);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:834:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:841:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector+skip);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:862:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:875:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,yytext+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:933:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1088:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1198:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1209:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,slisthier);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1210:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1211:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len+1,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1216:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1227:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1238:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,slisthier);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1239:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1240:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len+1,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1245:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1350:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1354:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1662:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1663:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+dlen,fname);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1664:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
vcd_handle=popen(str,"r");
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1812:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:261:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:265:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:281:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufold, "%s[%d]", root_v->name, root_v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:282:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:286:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufold, "%s[%d:%d]", root_v->name, root_v->msi, root_v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:287:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:596:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vst, varsplit);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:706:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slisthier+len,s->str);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:710:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slisthier+len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:725:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,str);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:811:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,yytext+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:835:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value+fill,vector);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:839:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:846:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector+skip);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:867:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:880:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,yytext+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:938:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1090:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1200:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1211:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,slisthier);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1212:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1213:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len+1,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1218:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1229:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1240:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,slisthier);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1241:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1242:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len+1,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1247:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1352:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1356:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1586:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1587:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+dlen,fname);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1588:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
vcd_handle=popen(str,"r");
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1746:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1943:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, optarg);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1949:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1964:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(optarg, "%"SCNu64, &opt_break_size);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:2004:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:2009:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:263:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:267:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:283:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufold, "%s[%d]", root_v->name, root_v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:284:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:288:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufold, "%s[%d:%d]", root_v->name, root_v->msi, root_v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:289:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:598:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vst, varsplit);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:708:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slisthier+len,s->str);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:712:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slisthier+len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:727:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,str);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:813:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,yytext+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:837:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value+fill,vector);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:841:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:848:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector+skip);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:869:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:882:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,yytext+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:940:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1100:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1221:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,slisthier);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1222:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1223:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len+1,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1228:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1239:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1250:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,slisthier);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1251:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len,vcd_hier_delimeter);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1252:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+slisthier_len+1,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1257:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,yytext);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1362:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d]", v->name, v->msi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1366:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s[%d:%d]", v->name, v->msi, v->lsi);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1596:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1597:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+dlen,fname);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1598:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
vcd_handle=popen(str,"r");
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1754:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1954:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, optarg);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1960:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1975:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(optarg, "%"SCNu64, &opt_break_size);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:2018:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:2023:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:389:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:395:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outname, optarg);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:433:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1407:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"short read on block %p %d vs "VZT_RD_LD" (exp), ignoring\n", (void *)b, rc, b->uncompressed_siz);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1477:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"block [%d] processing "VZT_RD_LLD" / "VZT_RD_LLD"%s\n", blk, b->start, b->end, gate ? " ..." : "");
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1544:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"block [%d] processed "VZT_RD_LLD" / "VZT_RD_LLD"\n", blkfinal, bfinal->start, bfinal->end);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1705:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"*** Not a vzt file ***\n");
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1712:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"*** Version %d vzt not supported ***\n", version);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1719:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"*** Granule size of %d (>%d) not supported ***\n", lt->granule_size, VZT_RD_GRANULE_SIZE);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1765:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD VZT_RD_LD" facilities\n", lt->numfacs);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1798:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"*** name section mangled %d (act) vs "VZT_RD_LD" (exp)\n", rc, lt->zfacname_predec_size);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1846:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"*** geometry section mangled %d (act) vs %d (exp)\n", rc, t);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1901:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Total value bits: "VZT_RD_LD"\n", lt->total_values);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1983:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Read %d block header%s OK\n", lt->numblocks, (lt->numblocks!=1) ? "s" : "");
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1985:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"["VZT_RD_LLD"] start time\n", lt->start);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1986:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"["VZT_RD_LLD"] end time\n", lt->end);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1987:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"\n");
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2173:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"%d facilities (after vectorization)\n", num_after_combine);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2176:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"%d complex vectors synthesized\n", num_synvecs);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2177:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(num_synalias) fprintf(stderr, VZT_RDLOAD"%d complex aliases synthesized\n", num_synalias);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2179:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"\n");
data/gtkwave-3.3.104/src/helpers/vzt_write.c:605:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc((s->namlen=strlen(name))+1),name);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:662:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lt->compress_fac_str, str);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1082:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tname, "%s_%03d.vzt", lt->vztname, ++lt->break_number);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1776:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vfix, value);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1787:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vfix+lendelta, value);
data/gtkwave-3.3.104/src/helpers/vztminer.c:228:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, optarg);
data/gtkwave-3.3.104/src/helpers/vztminer.c:233:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(match, optarg);
data/gtkwave-3.3.104/src/helpers/vztminer.c:311:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lxname, argv[optind++]);
data/gtkwave-3.3.104/src/hiersearch.c:65:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+4, t2->name);
data/gtkwave-3.3.104/src/hiersearch.c:84:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+3, tmp3);
data/gtkwave-3.3.104/src/hiersearch.c:91:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+3, t2->name);
data/gtkwave-3.3.104/src/hiersearch.c:138:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+3, tmp3);
data/gtkwave-3.3.104/src/hiersearch.c:145:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+3, t2->name);
data/gtkwave-3.3.104/src/hiersearch.c:175:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+4, t2->name);
data/gtkwave-3.3.104/src/hiersearch.c:217:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf,tc->label->name);
data/gtkwave-3.3.104/src/hiersearch.c:218:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(tc->next) strcat(buf,hier_str);
data/gtkwave-3.3.104/src/hiersearch.c:242:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy((GLOBALS->entrybox_text_local_hiersearch_c_1=(char *)malloc_2(len+1)),entry_text);
data/gtkwave-3.3.104/src/libbz2/bzlib.c:1417:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mode2, writing ? "w" : "r" );
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:65:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stderr, \
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:74:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf)
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:76:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1)
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:78:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2)
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:80:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2,za3)
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:82:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2,za3,za4)
data/gtkwave-3.3.104/src/libbz2/bzlib_private.h:84:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2,za3,za4,za5)
data/gtkwave-3.3.104/src/libz/gzguts.h:86:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/gtkwave-3.3.104/src/libz/gzguts.h:88:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/gtkwave-3.3.104/src/libz/gzguts.h:110:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/gtkwave-3.3.104/src/libz/gzguts.h:110:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/gtkwave-3.3.104/src/libz/gzlib.c:216:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(state->path, path);
data/gtkwave-3.3.104/src/libz/gzlib.c:614:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(state->msg, state->path);
data/gtkwave-3.3.104/src/libz/gzlib.c:616:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(state->msg, msg);
data/gtkwave-3.3.104/src/libz/gzwrite.c:417:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)vsprintf(next, format, va);
data/gtkwave-3.3.104/src/libz/gzwrite.c:421:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(next, format, va);
data/gtkwave-3.3.104/src/libz/gzwrite.c:425:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)vsnprintf(next, state->size, format, va);
data/gtkwave-3.3.104/src/libz/gzwrite.c:428:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(next, state->size, format, va);
data/gtkwave-3.3.104/src/libz/gzwrite.c:511:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12,
data/gtkwave-3.3.104/src/libz/gzwrite.c:517:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11,
data/gtkwave-3.3.104/src/libz/gzwrite.c:522:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9,
data/gtkwave-3.3.104/src/libz/gzwrite.c:526:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/gtkwave-3.3.104/src/libz/zutil.h:242:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/gtkwave-3.3.104/src/libz/zutil.h:243:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/gtkwave-3.3.104/src/libz/zutil.h:244:40: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/gtkwave-3.3.104/src/libz/zutil.h:245:48: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/gtkwave-3.3.104/src/libz/zutil.h:246:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/gtkwave-3.3.104/src/logfile.c:177:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sel2, "%s%c", sel, (unsigned char)gch);
data/gtkwave-3.3.104/src/logfile.c:260:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sel2, "%s%c", sel, (unsigned char)gch);
data/gtkwave-3.3.104/src/logfile.c:414:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Could not open logfile '%s'\n", default_text);
data/gtkwave-3.3.104/src/logfile.c:543:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(log_c->default_text, default_text);
data/gtkwave-3.3.104/src/logfile.c:570:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Could not open logfile '%s'\n", default_text);
data/gtkwave-3.3.104/src/lx2.c:76:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Finished building %d facs.\n", GLOBALS->numfacs);
data/gtkwave-3.3.104/src/lx2.c:95:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f_name[0], fnam);
data/gtkwave-3.3.104/src/lx2.c:109:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f_name[(i+1)&F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/lx2.c:137:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf(buf, "%s[%d:%d]", f_name[(i)&F_NAME_MODULUS],node_block[i].msi, node_block[i].lsi);
data/gtkwave-3.3.104/src/lx2.c:141:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/lx2.c:158:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf(buf, "%s[%d]", f_name[(i)&F_NAME_MODULUS],node_block[i].msi);
data/gtkwave-3.3.104/src/lx2.c:162:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/lx2.c:187:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, f_name[(i)&F_NAME_MODULUS]);
data/gtkwave-3.3.104/src/lx2.c:250:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Merging in %d aliases.\n", numalias);
data/gtkwave-3.3.104/src/lx2.c:284:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/lx2.c:318:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Sorting facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/lx2.c:353:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Sorting facilities at hierarchy boundaries.\n");
data/gtkwave-3.3.104/src/lx2.c:373:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/lx2.c:428:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"--begin/--end options yield zero blocks, ignoring.\n");
data/gtkwave-3.3.104/src/lx2.c:497:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, *value);
data/gtkwave-3.3.104/src/lx2.c:736:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXT2_RDLOAD"Extracting %d traces\n", cnt);
data/gtkwave-3.3.104/src/lxt.c:343:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"zdictionary_offset = %08x\n", GLOBALS->zdictionary_offset_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:344:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"zdictionary_predec_size = %08x\n\n", GLOBALS->zdictionary_predec_size_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:345:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"dict_num_entries = %d\n", GLOBALS->dict_num_entries_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:346:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"dict_string_mem_required = %d\n", GLOBALS->dict_string_mem_required_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:347:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"dict_16_offset = %d\n", GLOBALS->dict_16_offset_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:348:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"dict_24_offset = %d\n", GLOBALS->dict_24_offset_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:349:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(fprintf(stderr, LXTHDR"dict_32_offset = %d\n", GLOBALS->dict_32_offset_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:351:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Dictionary compressed MVL2 change records detected...\n");
data/gtkwave-3.3.104/src/lxt.c:356:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:361:56: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(offs!=lseek(GLOBALS->fd_lxt_c_1, offs, SEEK_SET)) { fprintf(stderr, LXTHDR"dict lseek error at offset %08x\n", (unsigned int)offs); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:367:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"section offs for name decompression = %08x of len %d\n", offs, GLOBALS->dict_num_entries_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:368:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Decompressed size is %d bytes (vs %d)\n", rc, total_mem));
data/gtkwave-3.3.104/src/lxt.c:369:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=total_mem) { fprintf(stderr, LXTHDR"decompression size disparity %d bytes (vs %d)\n", rc, total_mem); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:377:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Dict %d: '1%s'\n", i, GLOBALS->dict_string_mem_array_lxt_c_1[i]));
data/gtkwave-3.3.104/src/lxt.c:385:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"...expanded %d entries from %08x into %08x bytes.\n", GLOBALS->dict_num_entries_lxt_c_1, GLOBALS->zdictionary_predec_size_lxt_c_1, GLOBALS->dict_string_mem_required_lxt_c_1);
data/gtkwave-3.3.104/src/lxt.c:414:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:418:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(offs!=lseek(GLOBALS->fd_lxt_c_1, offs, SEEK_SET)) { fprintf(stderr, LXTHDR"zfacname lseek error at offset %08x\n", (unsigned int)offs); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:426:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"section offs for name decompression = %08x of len %d\n", offs, GLOBALS->zfacname_size_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:427:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Decompressed size is %d bytes (vs %d)\n", rc, total_mem));
data/gtkwave-3.3.104/src/lxt.c:428:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=total_mem) { fprintf(stderr, LXTHDR"decompression size disparity %d bytes (vs %d)\n", rc, total_mem); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:433:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Building %d facilities.\n", GLOBALS->numfacs);
data/gtkwave-3.3.104/src/lxt.c:444:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Encountered facility %d: '%s'\n", i, bufcurr));
data/gtkwave-3.3.104/src/lxt.c:472:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:476:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(offs!=lseek(GLOBALS->fd_lxt_c_1, offs, SEEK_SET)) { fprintf(stderr, LXTHDR"zfacgeometry lseek error at offset %08x\n", (unsigned int)offs); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:484:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"section offs for facgeometry decompression = %08x of len %d\n", offs, GLOBALS->zfacgeometry_size_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:485:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Decompressed size is %d bytes (vs %d)\n", rc, total_mem));
data/gtkwave-3.3.104/src/lxt.c:486:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=total_mem) { fprintf(stderr, LXTHDR"decompression size disparity %d bytes (vs %d)\n", rc, total_mem); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:500:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"%s[%d:%d]\n", f_name[i], node_block[i].msi, node_block[i].lsi));
data/gtkwave-3.3.104/src/lxt.c:555:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Time table position: %08x\n", GLOBALS->time_table_offset_lxt_c_1 + 12));
data/gtkwave-3.3.104/src/lxt.c:557:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Total cycles: %d\n", GLOBALS->total_cycles_lxt_c_2));
data/gtkwave-3.3.104/src/lxt.c:565:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:569:64: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if((offs+4)!=lseek(GLOBALS->fd_lxt_c_1, offs+4, SEEK_SET)) { fprintf(stderr, LXTHDR"ztime_table lseek error at offset %08x\n", (unsigned int)offs); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:577:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"section offs for timetable decompression = %08x of len %d\n", offs, GLOBALS->ztime_table_size_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:578:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Decompressed size is %d bytes (vs %d)\n", rc, total_mem));
data/gtkwave-3.3.104/src/lxt.c:579:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=total_mem) { fprintf(stderr, LXTHDR"decompression size disparity %d bytes (vs %d)\n", rc, total_mem); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:589:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"First cycle: %d\n", GLOBALS->first_cycle_lxt_c_2));
data/gtkwave-3.3.104/src/lxt.c:591:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Last cycle: %d\n", GLOBALS->last_cycle_lxt_c_2));
data/gtkwave-3.3.104/src/lxt.c:592:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Total cycles (actual): %d\n", GLOBALS->last_cycle_lxt_c_2-GLOBALS->first_cycle_lxt_c_2+1));
data/gtkwave-3.3.104/src/lxt.c:627:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Time table position: %08x\n", GLOBALS->time_table_offset64_lxt_c_1 + 20));
data/gtkwave-3.3.104/src/lxt.c:630:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Total cycles: %d\n", GLOBALS->total_cycles_lxt_c_2));
data/gtkwave-3.3.104/src/lxt.c:638:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:642:64: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if((offs+4)!=lseek(GLOBALS->fd_lxt_c_1, offs+4, SEEK_SET)) { fprintf(stderr, LXTHDR"ztime_table lseek error at offset %08x\n", (unsigned int)offs); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:650:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"section offs for timetable decompression = %08x of len %d\n", offs, GLOBALS->ztime_table_size_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:651:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Decompressed size is %d bytes (vs %d)\n", rc, total_mem));
data/gtkwave-3.3.104/src/lxt.c:652:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=total_mem) { fprintf(stderr, LXTHDR"decompression size disparity %d bytes (vs %d)\n", rc, total_mem); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:662:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"First cycle: %d\n", GLOBALS->first_cycle_lxt_c_2));
data/gtkwave-3.3.104/src/lxt.c:664:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Last cycle: %d\n", GLOBALS->last_cycle_lxt_c_2));
data/gtkwave-3.3.104/src/lxt.c:665:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Total cycles (actual): %lld\n", GLOBALS->last_cycle_lxt_c_2-GLOBALS->first_cycle_lxt_c_2+1));
data/gtkwave-3.3.104/src/lxt.c:706:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:710:58: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(offs!=lseek(GLOBALS->fd_lxt_c_1, offs, SEEK_SET)) { fprintf(stderr, LXTHDR"zsync_table lseek error at offset %08x\n", (unsigned int)offs); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:717:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"section offs for synctable decompression = %08x of len %d\n", offs, GLOBALS->zsync_table_size_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:718:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Decompressed size is %d bytes (vs %d)\n", rc, total_mem));
data/gtkwave-3.3.104/src/lxt.c:719:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=total_mem) { fprintf(stderr, LXTHDR"decompression size disparity %d bytes (vs %d)\n", rc, total_mem); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:764:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Compressed change records detected, making tempfile...\n");
data/gtkwave-3.3.104/src/lxt.c:765:124: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(GLOBALS->change_field_offset_lxt_c_1 != lseek(GLOBALS->fd_lxt_c_1, GLOBALS->change_field_offset_lxt_c_1, SEEK_SET)) { fprintf(stderr, LXTHDR"lseek error at offset %08x\n", (unsigned int)GLOBALS->change_field_offset_lxt_c_1); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:769:124: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(GLOBALS->change_field_offset_lxt_c_1 != lseek(GLOBALS->fd_lxt_c_1, GLOBALS->change_field_offset_lxt_c_1, SEEK_SET)) { fprintf(stderr, LXTHDR"lseek error at offset %08x\n", (unsigned int)GLOBALS->change_field_offset_lxt_c_1); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:779:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=siz) { fprintf(stderr, LXTHDR"gzread error to tempfile %d (act) vs %d (exp), exiting.\n", rc, siz); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:780:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(1 != fwrite(buf, siz, 1, tmp)) { fprintf(stderr, LXTHDR"fwrite error to tempfile, exiting.\n"); exit(255); };
data/gtkwave-3.3.104/src/lxt.c:784:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"...expanded %08x into %08x bytes.\n", GLOBALS->zchg_size_lxt_c_1, GLOBALS->zchg_predec_size_lxt_c_1);
data/gtkwave-3.3.104/src/lxt.c:795:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=siz) { fprintf(stderr, LXTHDR"gzread error to tempfile %d (act) vs %d (exp), exiting.\n", rc, siz); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:796:41: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(1 != fwrite(buf, siz, 1, tmp)) { fprintf(stderr, LXTHDR"fwrite error to tempfile, exiting.\n"); exit(255); };
data/gtkwave-3.3.104/src/lxt.c:800:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"...expanded %08x into %08x bytes.\n", GLOBALS->zchg_size_lxt_c_1, GLOBALS->zchg_predec_size_lxt_c_1);
data/gtkwave-3.3.104/src/lxt.c:824:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Compressed change records detected...\n");
data/gtkwave-3.3.104/src/lxt.c:828:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:833:124: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(GLOBALS->change_field_offset_lxt_c_1 != lseek(GLOBALS->fd_lxt_c_1, GLOBALS->change_field_offset_lxt_c_1, SEEK_SET)) { fprintf(stderr, LXTHDR"lseek error at offset %08x\n", (unsigned int)GLOBALS->change_field_offset_lxt_c_1); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:837:124: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(GLOBALS->change_field_offset_lxt_c_1 != lseek(GLOBALS->fd_lxt_c_1, GLOBALS->change_field_offset_lxt_c_1, SEEK_SET)) { fprintf(stderr, LXTHDR"lseek error at offset %08x\n", (unsigned int)GLOBALS->change_field_offset_lxt_c_1); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:852:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=siz) { fprintf(stderr, LXTHDR"BZ2_bzread error to buffer %d (act) vs %d (exp), exiting.\n", rc, siz); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:857:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"...expanded %08x into %08x bytes.\n", GLOBALS->zchg_size_lxt_c_1, GLOBALS->zchg_predec_size_lxt_c_1);
data/gtkwave-3.3.104/src/lxt.c:871:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(rc!=siz) { fprintf(stderr, LXTHDR"gzread error to buffer %d (act) vs %d (exp), exiting.\n", rc, siz); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:876:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"...expanded %08x into %08x bytes.\n", GLOBALS->zchg_size_lxt_c_1, GLOBALS->zchg_predec_size_lxt_c_1);
data/gtkwave-3.3.104/src/lxt.c:914:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Linear LXT encountered...\n");
data/gtkwave-3.3.104/src/lxt.c:918:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Uncompressed linear LXT not supported, exiting.\n");
data/gtkwave-3.3.104/src/lxt.c:981:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Facidx %d out of range (vs %d) at offset %08x, exiting.\n", facidx, GLOBALS->numfacs, (unsigned int)offs);
data/gtkwave-3.3.104/src/lxt.c:994:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Command byte %02x invalid at offset %08x, exiting.\n", cmd, (unsigned int)offs);
data/gtkwave-3.3.104/src/lxt.c:1171:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"%d linear records converted into %08x bytes.\n", num_records, GLOBALS->fpos_lxt_c_1-4);
data/gtkwave-3.3.104/src/lxt.c:1261:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"dict entry at offset %08x [%d] out of range, ignoring!\n", dictpos, (unsigned int)offs);
data/gtkwave-3.3.104/src/lxt.c:1348:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Unknown %02x at offset: %08x\n", v, (unsigned int)offs);
data/gtkwave-3.3.104/src/lxt.c:1404:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Loading LXT '%s'...\n", fname));
data/gtkwave-3.3.104/src/lxt.c:1405:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Len: %d\n", (unsigned int)GLOBALS->f_len_lxt_c_1));
data/gtkwave-3.3.104/src/lxt.c:1417:77: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_CHG: GLOBALS->change_field_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_CHG at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1418:81: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_SYNC_TABLE: GLOBALS->sync_table_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_SYNC_TABLE at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1419:75: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_FACNAME: GLOBALS->facname_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_FACNAME at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1420:87: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_FACNAME_GEOMETRY: GLOBALS->facgeometry_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_FACNAME_GEOMETRY at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1421:79: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_TIMESCALE: GLOBALS->timescale_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_TIMESCALE at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1422:81: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_TIME_TABLE: GLOBALS->time_table_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_TIME_TABLE at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1423:85: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_TIME_TABLE64: GLOBALS->time_table_offset64_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_TIME_TABLE64 at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1424:87: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_INITIAL_VALUE: GLOBALS->initial_value_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_INITIAL_VALUE at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1425:83: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_DOUBLE_TEST: GLOBALS->double_test_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_DOUBLE_TEST at %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1427:93: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZFACNAME_PREDEC_SIZE: GLOBALS->zfacname_predec_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZFACNAME_PREDEC_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1428:80: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZFACNAME_SIZE: GLOBALS->zfacname_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZFACNAME_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1429:92: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZFACNAME_GEOMETRY_SIZE: GLOBALS->zfacgeometry_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZFACNAME_GEOMETRY_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1430:80: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZSYNC_SIZE: GLOBALS->zsync_table_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZSYNC_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1431:85: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZTIME_TABLE_SIZE: GLOBALS->ztime_table_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZTIME_TABLE_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1432:85: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZCHG_PREDEC_SIZE: GLOBALS->zchg_predec_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZCHG_PREDEC_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1433:72: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZCHG_SIZE: GLOBALS->zchg_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZCHG_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1435:83: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZDICTIONARY: GLOBALS->zdictionary_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZDICTIONARY = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1436:92: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_ZDICTIONARY_SIZE: GLOBALS->zdictionary_predec_size_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_ZDICTIONARY_SIZE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1438:81: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_EXCLUDE_TABLE: GLOBALS->exclude_offset_lxt_c_1=offset; DEBUG(printf(LXTHDR"LT_SECTION_EXCLUDE_TABLE = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1440:73: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
case LT_SECTION_TIMEZERO: GLOBALS->lxt_timezero_offset=offset; DEBUG(printf(LXTHDR"LT_SECTION_TIMEZERO = %08x\n", offset)); break;
data/gtkwave-3.3.104/src/lxt.c:1499:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Number of facs: %d\n", GLOBALS->numfacs));
data/gtkwave-3.3.104/src/lxt.c:1577:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf(buf, "%s[%d:%d]", f_name[i],node_block[i].msi, node_block[i].lsi);
data/gtkwave-3.3.104/src/lxt.c:1581:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/lxt.c:1598:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf(buf, "%s[%d]", f_name[i],node_block[i].msi);
data/gtkwave-3.3.104/src/lxt.c:1602:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/lxt.c:1627:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, f_name[i]);
data/gtkwave-3.3.104/src/lxt.c:1689:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Sorting facilities at hierarchy boundaries...");
data/gtkwave-3.3.104/src/lxt.c:1713:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, LXTHDR"Building facility hierarchy tree...");
data/gtkwave-3.3.104/src/lxt.c:2165:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"offs: %08x is time %08x\n", offs, tmval));
data/gtkwave-3.3.104/src/lxt.c:2231:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Added double '%.16g'\n", *((double *)(GLOBALS->mm_lxt_c_1+offs_dbl))));
data/gtkwave-3.3.104/src/lxt.c:2242:11: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Added bytefixed double '%.16g'\n", *((double *)(htemp->v.h_vector))));
data/gtkwave-3.3.104/src/lxt.c:2258:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
DEBUG(printf(LXTHDR"Added string '%s'\n", (unsigned char *)GLOBALS->mm_lxt_c_1+offs_str));
data/gtkwave-3.3.104/src/main.c:405:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->ftext_main_main_c_1, dfile);
data/gtkwave-3.3.104/src/main.c:442:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pos, argv[0]);
data/gtkwave-3.3.104/src/main.c:725:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->whoami, argv[0]);
data/gtkwave-3.3.104/src/main.c:848:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(
data/gtkwave-3.3.104/src/main.c:1017:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->loaded_file_name, optarg);
data/gtkwave-3.3.104/src/main.c:1028:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wname, optarg);
data/gtkwave-3.3.104/src/main.c:1034:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(override_rc, optarg);
data/gtkwave-3.3.104/src/main.c:1071:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->skip_start, optarg);
data/gtkwave-3.3.104/src/main.c:1077:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->skip_end, optarg);
data/gtkwave-3.3.104/src/main.c:1084:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->stems_name, optarg);
data/gtkwave-3.3.104/src/main.c:1107:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scriptfile, optarg);
data/gtkwave-3.3.104/src/main.c:1116:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(l->name, optarg);
data/gtkwave-3.3.104/src/main.c:1142:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->repscript_name, optarg);
data/gtkwave-3.3.104/src/main.c:1166:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, GLOBALS->tcl_init_cmd);
data/gtkwave-3.3.104/src/main.c:1169:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->tcl_init_cmd, buffer);
data/gtkwave-3.3.104/src/main.c:1181:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pos, optarg);
data/gtkwave-3.3.104/src/main.c:1189:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output_name, optarg);
data/gtkwave-3.3.104/src/main.c:1227:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->loaded_file_name, argv[optind++]);
data/gtkwave-3.3.104/src/main.c:1232:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wname, argv[optind++]);
data/gtkwave-3.3.104/src/main.c:1237:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(override_rc, argv[optind++]);
data/gtkwave-3.3.104/src/main.c:1368:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(WAVE_VERSION_INFO"\nDate: %s\n\n",asctime(localtime(&walltime)));
data/gtkwave-3.3.104/src/main.c:1435:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->winname,winstd);
data/gtkwave-3.3.104/src/main.c:1442:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->winname,winprefix);
data/gtkwave-3.3.104/src/main.c:1448:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->winname,iact);
data/gtkwave-3.3.104/src/main.c:1452:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(GLOBALS->winname,GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1516:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->aet_name, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1533:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->aet_name, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1549:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->aet_name, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1564:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->aet_name, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1598:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->aet_name, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1623:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->unoptimized_vcd_file_name, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1703:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pnt, GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/main.c:1728:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wname, pnt);
data/gtkwave-3.3.104/src/main.c:1738:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/main.c:1739:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+dlen,wname);
data/gtkwave-3.3.104/src/main.c:1740:15: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
wave=popen(str,"r");
data/gtkwave-3.3.104/src/main.c:1749:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->filesel_writesave, wname);
data/gtkwave-3.3.104/src/main.c:1788:17: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
wave=popen(str,"r");
data/gtkwave-3.3.104/src/main.c:2983:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->anno_ctx->aet_name, GLOBALS->aet_name);
data/gtkwave-3.3.104/src/main.c:2984:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->anno_ctx->stems_name, stems_name);
data/gtkwave-3.3.104/src/main.c:3033:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->anno_ctx->aet_name, GLOBALS->aet_name);
data/gtkwave-3.3.104/src/main.c:3034:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->anno_ctx->stems_name, stems_name);
data/gtkwave-3.3.104/src/main.c:3086:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(res, xec);
data/gtkwave-3.3.104/src/main.c:3087:15: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(res, "rtlbrowse", buf, NULL);
data/gtkwave-3.3.104/src/main.c:3093:13: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("rtlbrowse", "rtlbrowse", buf, NULL);
data/gtkwave-3.3.104/src/main.c:3120:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/gtkwave-3.3.104/src/main.c:3127:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.fst", "vcd");
data/gtkwave-3.3.104/src/main.c:3143:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("vcd2fst", "vcd2fst", "--", "-", buf, NULL);
data/gtkwave-3.3.104/src/main.c:3152:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "vcd2fst %s %s.fst", GLOBALS->unoptimized_vcd_file_name, GLOBALS->unoptimized_vcd_file_name);
data/gtkwave-3.3.104/src/main.c:3153:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf);
data/gtkwave-3.3.104/src/main.c:3156:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.fst", GLOBALS->unoptimized_vcd_file_name);
data/gtkwave-3.3.104/src/main.c:3161:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s.fst", GLOBALS->unoptimized_vcd_file_name);
data/gtkwave-3.3.104/src/main.c:3187:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(res, xec);
data/gtkwave-3.3.104/src/main.c:3188:11: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(res, "vcd2fst", GLOBALS->unoptimized_vcd_file_name, buf, NULL);
data/gtkwave-3.3.104/src/main.c:3194:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("vcd2fst", "vcd2fst", GLOBALS->unoptimized_vcd_file_name, buf, NULL);
data/gtkwave-3.3.104/src/markerbox.c:56:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sn, so);
data/gtkwave-3.3.104/src/menu.c:2272:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdfpath, rpath);
data/gtkwave-3.3.104/src/menu.c:2273:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pdfpath, suf);
data/gtkwave-3.3.104/src/menu.c:2616:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t_begin->name, name);
data/gtkwave-3.3.104/src/menu.c:2642:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t_end->name, name);
data/gtkwave-3.3.104/src/menu.c:3060:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->n.vec->bvname, GLOBALS->entrybox_text);
data/gtkwave-3.3.104/src/menu.c:3600:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nam+offset, "[%d%s%d]", n[0]->expansion->actual, (bitblast_delta!=0) ? ":" : "|", n[nodepnt-1]->expansion->actual);
data/gtkwave-3.3.104/src/menu.c:3632:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nam+offset, "[%d%s%d]", n[nodepnt-1]->expansion->actual, (bitblast_delta!=0) ? ":" : "|", n[0]->expansion->actual);
data/gtkwave-3.3.104/src/menu.c:3661:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(b->name=(char *)malloc_2(offset + strlen(nam+offset)+1), nam);
data/gtkwave-3.3.104/src/menu.c:3895:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("open", "open", "-n", "-W", "-a", "gtkwave", "--args", "--optimize", "--dump", *GLOBALS->fileselbox_text, NULL);
data/gtkwave-3.3.104/src/menu.c:3899:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("open", "open", "-n", "-W", "-a", "gtkwave", "--args", "--dump", *GLOBALS->fileselbox_text, NULL);
data/gtkwave-3.3.104/src/menu.c:3904:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(GLOBALS->whoami, GLOBALS->whoami, "-o", *GLOBALS->fileselbox_text, NULL);
data/gtkwave-3.3.104/src/menu.c:3908:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(GLOBALS->whoami, GLOBALS->whoami, *GLOBALS->fileselbox_text, NULL);
data/gtkwave-3.3.104/src/menu.c:3924:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szCmdline, "%s %s", GLOBALS->whoami, *GLOBALS->fileselbox_text);
data/gtkwave-3.3.104/src/menu.c:4704:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->name_full, GLOBALS->entrybox_text);
data/gtkwave-3.3.104/src/menu.c:4855:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->regexp_string_menu_c_1, GLOBALS->entrybox_text);
data/gtkwave-3.3.104/src/menu.c:5527:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(update_string, "Moved to time: %s\n", timval);
data/gtkwave-3.3.104/src/menu.c:6031:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, rp);
data/gtkwave-3.3.104/src/menu.c:6072:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(nbuf, token, lineno);
data/gtkwave-3.3.104/src/menu.c:6108:26: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(ar[0], ar);
data/gtkwave-3.3.104/src/menu.c:8544:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tcl_cmd+8, name);
data/gtkwave-3.3.104/src/menu.c:8988:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(full_path, "<main>%s", path);
data/gtkwave-3.3.104/src/mouseover.c:321:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flagged_name+name_charlen+1, flag_string);
data/gtkwave-3.3.104/src/mouseover.c:329:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alternate_name + 3, flagged_name + name_charlen - (MOUSEOVER_BREAKSIZE - 3));
data/gtkwave-3.3.104/src/mouseover_sigs.c:136:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ch + pos, vartype_strings[vartype]);
data/gtkwave-3.3.104/src/mouseover_sigs.c:364:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(flagged_name+name_charlen+1, flag_string);
data/gtkwave-3.3.104/src/mouseover_sigs.c:372:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alternate_name + 3, flagged_name + name_charlen - (MOUSEOVER_BREAKSIZE - 3));
data/gtkwave-3.3.104/src/pipeio.c:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szCmdline, "%s %s", execappname, args);
data/gtkwave-3.3.104/src/pipeio.c:138:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(execappname, execappname, NULL);
data/gtkwave-3.3.104/src/pipeio.c:140:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(execappname, execappname, arg, NULL);
data/gtkwave-3.3.104/src/pipeio.c:158:7: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(execappname, execappname, NULL);
data/gtkwave-3.3.104/src/pipeio.c:160:7: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl(execappname, execappname, arg, NULL);
data/gtkwave-3.3.104/src/print.c:716:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str2 + 1, str);
data/gtkwave-3.3.104/src/print.c:805:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str2 + 1, str);
data/gtkwave-3.3.104/src/print.c:3243:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cbuf, buf);
data/gtkwave-3.3.104/src/print.c:3246:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (cbuf, t->asciivalue);
data/gtkwave-3.3.104/src/ptranslate.c:112:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(name, "%s ", exec_name);
data/gtkwave-3.3.104/src/ptranslate.c:135:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "which %s", exec_name);
data/gtkwave-3.3.104/src/ptranslate.c:136:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
stream = popen(cmd, "r");
data/gtkwave-3.3.104/src/ptranslate.c:138:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
result = fscanf(stream, "%s", abs_path);
data/gtkwave-3.3.104/src/ptranslate.c:150:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(abs_path, exec_name);
data/gtkwave-3.3.104/src/ptranslate.c:282:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->procsel_filter[GLOBALS->num_proc_filters], *GLOBALS->fileselbox_text);
data/gtkwave-3.3.104/src/ptranslate.c:472:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->procsel_filter[GLOBALS->num_proc_filters], name);
data/gtkwave-3.3.104/src/rc.c:288:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->fontname_logfile,str);
data/gtkwave-3.3.104/src/rc.c:297:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->fontname_signals,str);
data/gtkwave-3.3.104/src/rc.c:306:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->fontname_waves,str);
data/gtkwave-3.3.104/src/rc.c:1131:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcpath,home);
data/gtkwave-3.3.104/src/rc.c:1133:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rcpath,rcname);
data/gtkwave-3.3.104/src/rc.c:1148:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcpath, rpath);
data/gtkwave-3.3.104/src/rc.c:1149:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rcpath, suf);
data/gtkwave-3.3.104/src/rc.c:1187:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rcpath,home);
data/gtkwave-3.3.104/src/rc.c:1189:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rcpath,rcname);
data/gtkwave-3.3.104/src/renderopt.c:130:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zname, *GLOBALS->fileselbox_text);
data/gtkwave-3.3.104/src/renderopt.c:155:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sysname, "pstopdf" /* 7 */
data/gtkwave-3.3.104/src/renderopt.c:157:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(sysname, "ps2pdf" /* 6 */
data/gtkwave-3.3.104/src/renderopt.c:167:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
rc = system(sysname);
data/gtkwave-3.3.104/src/renderopt.c:220:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s '%s'", ban, (char *)user_data);
data/gtkwave-3.3.104/src/savefile.c:96:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->buf_menu_c_1, hname);
data/gtkwave-3.3.104/src/savefile.c:101:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(GLOBALS->buf_menu_c_1, "%s{%d}", hname, n->this_row);
data/gtkwave-3.3.104/src/savefile.c:188:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(wave,"*%f "TTFormat, (float)(GLOBALS->tims.zoom),GLOBALS->tims.marker);
data/gtkwave-3.3.104/src/savefile.c:193:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(wave," "TTFormat,nm);
data/gtkwave-3.3.104/src/savefile.c:369:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(wave, " "TTFormat" %"TRACEFLAGSPRIFMT, ba[ix].shift, ba[ix].flags);
data/gtkwave-3.3.104/src/savefile.c:538:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(wave, " "TTFormat" %"TRACEFLAGSPRIFMT, ba[ix].shift, ba[ix].flags);
data/gtkwave-3.3.104/src/savefile.c:673:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+5,wname);
data/gtkwave-3.3.104/src/savefile.c:674:22: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
wave=popen(str,"r");
data/gtkwave-3.3.104/src/savefile.c:732:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strp_buf, lhq+1);
data/gtkwave-3.3.104/src/savefile.c:811:24: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
wave=popen(str,"r");
data/gtkwave-3.3.104/src/savefile.c:954:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
t = mem + sprintf(mem, "#%s[%d:%d] ", rname, msb, lsb);
data/gtkwave-3.3.104/src/savefile.c:960:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
t += sprintf(t, "%s[%d]", w, i);
data/gtkwave-3.3.104/src/savefile.c:968:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
t += sprintf(t, "%s[%d]", w, i);
data/gtkwave-3.3.104/src/savefile.c:1046:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, w2);
data/gtkwave-3.3.104/src/savefile.c:1053:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, w2);
data/gtkwave-3.3.104/src/savefile.c:1056:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, w2);
data/gtkwave-3.3.104/src/savefile.c:1094:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(w2,TTFormat,&ttlocal);
data/gtkwave-3.3.104/src/savefile.c:1128:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(w2+1, "%"TRACEFLAGSSCNFMT, &GLOBALS->default_flags);
data/gtkwave-3.3.104/src/savefile.c:1141:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(w2+strlen(prefix),"%s",suffix);
data/gtkwave-3.3.104/src/savefile.c:1194:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ns, "%s[%d]", suffix+i, actual);
data/gtkwave-3.3.104/src/savefile.c:1295:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(w3, "%s:%s", w2, rightmost_lbrack+1);
data/gtkwave-3.3.104/src/savefile.c:1309:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(w3, "^%s\\[.*", w2);
data/gtkwave-3.3.104/src/savefile.c:1388:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->strace_ctx->shadow_string, w2+2);
data/gtkwave-3.3.104/src/savefile.c:1617:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(w, TTFormat" "TTFormat, &GLOBALS->ruler_origin, &GLOBALS->ruler_step);
data/gtkwave-3.3.104/src/savefile.c:1621:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(w, TTFormat, &GLOBALS->timestart_from_savefile);
data/gtkwave-3.3.104/src/savefile.c:2040:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, w2);
data/gtkwave-3.3.104/src/savefile.c:2047:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, w2);
data/gtkwave-3.3.104/src/savefile.c:2050:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prefix, w2);
data/gtkwave-3.3.104/src/savefile.c:2087:2: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(w2+strlen(prefix),"%s",suffix);
data/gtkwave-3.3.104/src/savefile.c:2133:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ns, "%s[%d]", suffix+i, actual);
data/gtkwave-3.3.104/src/savefile.c:2207:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(w3, "%s:%s", w2, rightmost_lbrack+1);
data/gtkwave-3.3.104/src/savefile.c:2219:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(w3, "^%s\\[.*", w2);
data/gtkwave-3.3.104/src/savefile.c:2312:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(relativeFilename, absoluteFilename);
data/gtkwave-3.3.104/src/savefile.c:2339:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(relativeFilename, &absoluteFilename[i]);
data/gtkwave-3.3.104/src/savefile.c:2394:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&relativeFilename[rfMarker], &absoluteFilename[afMarker]);
data/gtkwave-3.3.104/src/savefile.c:2473:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(synth_nam, dup_this_save);
data/gtkwave-3.3.104/src/savefile.c:2474:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(synth_nam, grf);
data/gtkwave-3.3.104/src/savefile.c:2502:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(orig_save2, pfx); strcat(orig_save2, orig_save);
data/gtkwave-3.3.104/src/savefile.c:2502:27: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(orig_save2, pfx); strcat(orig_save2, orig_save);
data/gtkwave-3.3.104/src/savefile.c:2503:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(orig_dump2, pfx); strcat(orig_dump2, orig_dump);
data/gtkwave-3.3.104/src/savefile.c:2503:34: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(orig_dump2, pfx); strcat(orig_dump2, orig_dump);
data/gtkwave-3.3.104/src/savefile.c:2593:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dfn, old_dfn);
data/gtkwave-3.3.104/src/savefile.c:2601:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sfn, old_sfn);
data/gtkwave-3.3.104/src/savefile.c:2614:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fdf, old_fdf);
data/gtkwave-3.3.104/src/savefile.c:2645:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fni, "Loading %s...", lcname);
data/gtkwave-3.3.104/src/savefile.c:2648:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fni, lcname);
data/gtkwave-3.3.104/src/search.c:95:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((GLOBALS->entrybox_text_local_search_c_2=(char *)malloc_2(strlen(vname)+1)),vname); /* make consistent with other widgets rather than producing NULL */
data/gtkwave-3.3.104/src/search.c:96:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy((GLOBALS->entrybox_text_local_search_c_2=(char *)malloc_2(len+1)),entry_text);
data/gtkwave-3.3.104/src/search.c:792:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entry_suffixed,GLOBALS->searchbox_text_search_c_1); /* scan-build */
data/gtkwave-3.3.104/src/search.c:793:1: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entry_suffixed,regex_type[GLOBALS->regex_which_search_c_1]);
data/gtkwave-3.3.104/src/search.c:828:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(duplicate_row_buffer, hfacname);
data/gtkwave-3.3.104/src/search.c:849:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s+3, tmp2);
data/gtkwave-3.3.104/src/search.c:856:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s+3, hfacname);
data/gtkwave-3.3.104/src/signalwindow.c:880:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dhq, GLOBALS->dnd_helper_quartz);
data/gtkwave-3.3.104/src/signalwindow.c:910:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(qn_2, qn + qn_len - mlen);
data/gtkwave-3.3.104/src/status.c:48:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(stemp, str);
data/gtkwave-3.3.104/src/strace.c:281:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((s->string=(char *)malloc_2(len+1)),entry_text);
data/gtkwave-3.3.104/src/strace.c:1461:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(notused, "%s not in use.\n", item_mark_start_strings[(unsigned int)GLOBALS->strace_ctx->mark_idx_start].str);
data/gtkwave-3.3.104/src/strace.c:1473:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(notused, "%s not in use.\n", item_mark_end_strings[(unsigned int)GLOBALS->strace_ctx->mark_idx_end].str);
data/gtkwave-3.3.104/src/strace.c:1611:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
rc=vsprintf(buff, fmt, args);
data/gtkwave-3.3.104/src/strace.c:1614:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bt->str, buff);
data/gtkwave-3.3.104/src/symbol.c:172:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/tcl_commands.c:62:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(reportString, "* wrong number of arguments for '%s': %d expected, %d encountered", Tcl_GetString(objv[0]), expected, objc-1);
data/gtkwave-3.3.104/src/tcl_commands.c:107:1: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(reportString, TTFormat, ttVal);
data/gtkwave-3.3.104/src/tcl_commands.c:124:1: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(reportString, "%"TRACEFLAGSPRIuFMT, ttVal);
data/gtkwave-3.3.104/src/tcl_helper.c:803:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s_new, elem[i]);
data/gtkwave-3.3.104/src/tcl_helper.c:804:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(i!=(l-1)) strcat(s_new, delim_str);
data/gtkwave-3.3.104/src/tcl_helper.c:1173:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entry_suffixed,s_new);
data/gtkwave-3.3.104/src/tcl_helper.c:1174:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entry_suffixed,this_regex);
data/gtkwave-3.3.104/src/tcl_helper.c:1203:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entry_suffixed,s_new);
data/gtkwave-3.3.104/src/tcl_helper.c:1204:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(entry_suffixed,this_regex);
data/gtkwave-3.3.104/src/tcl_helper.c:1437:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pidstr+strlen(pidstr), "{marker %s} ", mrkbuf);
data/gtkwave-3.3.104/src/tcl_helper.c:1477:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2, s);
data/gtkwave-3.3.104/src/tcl_helper.c:1563:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rpnt, "{netBusValue 0x%s ", opt_value);
data/gtkwave-3.3.104/src/tcl_helper.c:1572:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(rpnt, "{netValue %s ", opt_value);
data/gtkwave-3.3.104/src/tcl_helper.c:1577:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pnt2, tcllist);
data/gtkwave-3.3.104/src/tcl_helper.c:1838:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newname, "%s[%d:%d]", first_str, lidx, ridx); /* this disappears in make_single_tcl_list_name() but might be used in future code */
data/gtkwave-3.3.104/src/tcl_helper.c:2108:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (p, size, fmt, ap);
data/gtkwave-3.3.104/src/tcl_helper.c:2798:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(reportString, "gtkwave::%s prohibited in callback", menuItem);
data/gtkwave-3.3.104/src/tcl_helper.c:2821:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w->payload, s); /* scan-build complains but it thinks payload[1] is the actual memory allocated */
data/gtkwave-3.3.104/src/tcl_helper.c:2881:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tcl_cmd+8, nam);
data/gtkwave-3.3.104/src/tcl_helper.c:2901:1: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s%s\n", "--script ", tpnt);
data/gtkwave-3.3.104/src/tcl_helper.c:2942:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pnt, ife[i].path);
data/gtkwave-3.3.104/src/tcl_helper.c:2958:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commandName + 9, gtkwave_commands[i].cmdstr);
data/gtkwave-3.3.104/src/tcl_helper.c:3006:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tcl_cmd+8, GLOBALS->repscript_name);
data/gtkwave-3.3.104/src/tcl_helper.c:3132:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pnt, ife[i].path);
data/gtkwave-3.3.104/src/tcl_helper.c:3148:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commandName + 9, gtkwave_commands[i].cmdstr);
data/gtkwave-3.3.104/src/tcl_helper.h:51:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mult_entry + mult_len, one_entry); \
data/gtkwave-3.3.104/src/tcl_np.c:79:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(libname, "%s\\tcl%d%d.dll", path, TCL_MAJOR_VERSION,
data/gtkwave-3.3.104/src/tcl_np.c:83:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(libname, "%s..\\lib\\tcl%d%d.dll", path, TCL_MAJOR_VERSION,
data/gtkwave-3.3.104/src/tcl_np.c:303:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, me) ;
data/gtkwave-3.3.104/src/tcl_np.c:306:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(libname, "%s%s", path, TCL_LIB_FILE) ;
data/gtkwave-3.3.104/src/tcl_np.c:309:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(libname, "%s../lib/%s", path, TCL_LIB_FILE) ;
data/gtkwave-3.3.104/src/tcl_np.c:563:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dllName, MAX_PATH, info.dli_fname);
data/gtkwave-3.3.104/src/tcl_np.h:19:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define NpLog(x,y) printf("TCLINIT | " x, y)
data/gtkwave-3.3.104/src/tcl_np.h:20:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define NpLog3(x,y,z) printf("TCLINIT | " x, y, z)
data/gtkwave-3.3.104/src/tcl_np.h:21:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define NpPanic(x) fprintf(stderr, "TCLINIT | "x)
data/gtkwave-3.3.104/src/tcl_np.h:49:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/gtkwave-3.3.104/src/tcl_np.h:49:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/gtkwave-3.3.104/src/tcl_support_commands.c:666:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s1,"%s%s", signal_value_prefix(t->flags), s) ;
data/gtkwave-3.3.104/src/tcl_support_commands.c:674:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s1, "%s%s", signal_value_prefix(t->flags),
data/gtkwave-3.3.104/src/translate.c:84:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
n->item = strcpy(malloc_2(strlen(i)+1), i);
data/gtkwave-3.3.104/src/translate.c:85:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(trans) n->trans = strcpy(malloc_2(strlen(trans)+1), trans);
data/gtkwave-3.3.104/src/translate.c:377:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->filesel_filter[GLOBALS->num_file_filters], *GLOBALS->fileselbox_text);
data/gtkwave-3.3.104/src/translate.c:590:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->filesel_filter[GLOBALS->num_file_filters], name);
data/gtkwave-3.3.104/src/tree.c:171:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+len, scopename);
data/gtkwave-3.3.104/src/tree.c:213:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+len, t->name);
data/gtkwave-3.3.104/src/tree.c:220:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+len, scopename);
data/gtkwave-3.3.104/src/tree.c:233:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->name, scopename);
data/gtkwave-3.3.104/src/tree.c:260:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->name, scopename);
data/gtkwave-3.3.104/src/tree.c:273:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->name, scopename);
data/gtkwave-3.3.104/src/tree.c:373:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2,s);
data/gtkwave-3.3.104/src/tree.c:375:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s2,t->name);
data/gtkwave-3.3.104/src/tree.c:415:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+3, tmp3);
data/gtkwave-3.3.104/src/tree.c:422:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp+3, t2->name);
data/gtkwave-3.3.104/src/tree.c:446:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s (%s)", t2->name, sc);
data/gtkwave-3.3.104/src/tree.c:450:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s : %s", t2->name, sc);
data/gtkwave-3.3.104/src/tree.c:728:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+len, GLOBALS->module_tree_c_1);
data/gtkwave-3.3.104/src/tree.c:784:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+len, t->name);
data/gtkwave-3.3.104/src/tree.c:1062:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SST_EXCL_MESS"Could not open '%s' SST exclusion file!\n", GLOBALS->sst_exclude_filename);
data/gtkwave-3.3.104/src/tree.c:1063:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SST_EXCL_MESS);
data/gtkwave-3.3.104/src/tree.c:1068:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SST_EXCL_MESS"Processing '%s'.\n", GLOBALS->sst_exclude_filename);
data/gtkwave-3.3.104/src/treesearch_gtk1.c:138:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy((GLOBALS->entrybox_text_local_treesearch_gtk1_c=(char *)malloc_2(len+1)),entry_text);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:203:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s+3, p);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:212:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s+3, p);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:325:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namecache, name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:451:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tstring, t->name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:452:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tstring, hier_suffix);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:536:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namecache, name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:636:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tstring, t->name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:637:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tstring, hier_suffix);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:709:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->filter_str_treesearch_gtk2_c_1, t);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:812:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy((GLOBALS->entrybox_text_local_treesearch_gtk2_c_3=(char *)malloc_2(len+1)),entry_text);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:1234:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sstr, GLOBALS->selected_hierarchy_name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:1235:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sstr, GLOBALS->selected_sig_name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2753:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(recwarn, "Really import %d facilit%s?", fz, (fz==1)?"y":"ies");
data/gtkwave-3.3.104/src/ttranslate.c:133:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(name, "%s ", exec_name);
data/gtkwave-3.3.104/src/ttranslate.c:156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "which %s", exec_name);
data/gtkwave-3.3.104/src/ttranslate.c:157:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
stream = popen(cmd, "r");
data/gtkwave-3.3.104/src/ttranslate.c:159:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
result = fscanf(stream, "%s", abs_path);
data/gtkwave-3.3.104/src/ttranslate.c:172:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(abs_path, exec_name);
data/gtkwave-3.3.104/src/ttranslate.c:378:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->ttranssel_filter[GLOBALS->num_ttrans_filters], *GLOBALS->fileselbox_text);
data/gtkwave-3.3.104/src/ttranslate.c:612:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->ttranssel_filter[GLOBALS->num_ttrans_filters], name);
data/gtkwave-3.3.104/src/ttranslate.c:721:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(sp) strcpy((char *)vt->v, sp);
data/gtkwave-3.3.104/src/twinwave.c:214:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mylist, arglist[idx]);
data/gtkwave-3.3.104/src/twinwave.c:286:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mylist, arglist[idx]);
data/gtkwave-3.3.104/src/twinwave.c:431:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(arglist[0], arglist);
data/gtkwave-3.3.104/src/twinwave.c:467:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(arglist[0], arglist);
data/gtkwave-3.3.104/src/vcd.c:584:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vst, GLOBALS->varsplit_vcd_c_1);
data/gtkwave-3.3.104/src/vcd.c:710:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->slisthier+len,s->str);
data/gtkwave-3.3.104/src/vcd.c:714:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(GLOBALS->slisthier+len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd.c:730:1: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str,str);
data/gtkwave-3.3.104/src/vcd.c:791:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,GLOBALS->yytext_vcd_c_1+1);
data/gtkwave-3.3.104/src/vcd.c:843:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value+fill,vector);
data/gtkwave-3.3.104/src/vcd.c:847:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector);
data/gtkwave-3.3.104/src/vcd.c:854:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector+skip);
data/gtkwave-3.3.104/src/vcd.c:874:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/vcd.c:885:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,GLOBALS->yytext_vcd_c_1+1);
data/gtkwave-3.3.104/src/vcd.c:970:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/vcd.c:1192:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str, GLOBALS->yytext_vcd_c_1);
data/gtkwave-3.3.104/src/vcd.c:1318:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, GLOBALS->yytext_vcd_c_1);
data/gtkwave-3.3.104/src/vcd.c:1343:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd.c:1344:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd.c:1354:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd.c:1355:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd.c:1357:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len+2,v->name+GLOBALS->slisthier_len+1);
data/gtkwave-3.3.104/src/vcd.c:1376:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+1,v->name);
data/gtkwave-3.3.104/src/vcd.c:1410:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, GLOBALS->yytext_vcd_c_1);
data/gtkwave-3.3.104/src/vcd.c:1435:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd.c:1436:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd.c:1446:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd.c:1447:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd.c:1449:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len+2,v->name+GLOBALS->slisthier_len+1);
data/gtkwave-3.3.104/src/vcd.c:1468:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+1,v->name);
data/gtkwave-3.3.104/src/vcd.c:2214:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,v->name);
data/gtkwave-3.3.104/src/vcd.c:2218:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+slen,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd.c:2257:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
do sprintf(dupfix, "$DUP%d%s%s", duphier++, GLOBALS->vcd_hier_delimeter, str);
data/gtkwave-3.3.104/src/vcd.c:2260:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dupfix);
data/gtkwave-3.3.104/src/vcd.c:2362:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
do sprintf(dupfix, "$DUP%d%s%s", duphier++, GLOBALS->vcd_hier_delimeter, str);
data/gtkwave-3.3.104/src/vcd.c:2365:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dupfix);
data/gtkwave-3.3.104/src/vcd.c:2627:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/vcd.c:2628:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+dlen,fname);
data/gtkwave-3.3.104/src/vcd.c:2629:30: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GLOBALS->vcd_handle_vcd_c_1=popen(str,"r");
data/gtkwave-3.3.104/src/vcd_partial.c:560:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vst, GLOBALS->varsplit_vcd_partial_c_2);
data/gtkwave-3.3.104/src/vcd_partial.c:706:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,GLOBALS->yytext_vcd_partial_c_2+1);
data/gtkwave-3.3.104/src/vcd_partial.c:761:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value+fill,vector);
data/gtkwave-3.3.104/src/vcd_partial.c:765:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector);
data/gtkwave-3.3.104/src/vcd_partial.c:772:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->value,vector+skip);
data/gtkwave-3.3.104/src/vcd_partial.c:797:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/vcd_partial.c:813:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,GLOBALS->yytext_vcd_partial_c_2+1);
data/gtkwave-3.3.104/src/vcd_partial.c:906:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,v->value);
data/gtkwave-3.3.104/src/vcd_partial.c:1140:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str, GLOBALS->yytext_vcd_partial_c_2);
data/gtkwave-3.3.104/src/vcd_partial.c:1265:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, GLOBALS->yytext_vcd_partial_c_2);
data/gtkwave-3.3.104/src/vcd_partial.c:1290:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_partial.c:1291:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_partial.c:1301:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_partial.c:1302:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_partial.c:1304:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len+2,v->name+GLOBALS->slisthier_len+1);
data/gtkwave-3.3.104/src/vcd_partial.c:1323:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+1,v->name);
data/gtkwave-3.3.104/src/vcd_partial.c:1357:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, GLOBALS->yytext_vcd_partial_c_2);
data/gtkwave-3.3.104/src/vcd_partial.c:1382:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_partial.c:1383:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_partial.c:1393:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_partial.c:1394:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_partial.c:1396:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len+2,v->name+GLOBALS->slisthier_len+1);
data/gtkwave-3.3.104/src/vcd_partial.c:1415:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+1,v->name);
data/gtkwave-3.3.104/src/vcd_partial.c:2056:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,v->name);
data/gtkwave-3.3.104/src/vcd_partial.c:2060:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+slen,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_partial.c:2099:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
do sprintf(dupfix, "$DUP%d%s%s", duphier++, GLOBALS->vcd_hier_delimeter, str);
data/gtkwave-3.3.104/src/vcd_partial.c:2102:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dupfix);
data/gtkwave-3.3.104/src/vcd_partial.c:2204:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
do sprintf(dupfix, "$DUP%d%s%s", duphier++, GLOBALS->vcd_hier_delimeter, str);
data/gtkwave-3.3.104/src/vcd_partial.c:2207:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dupfix);
data/gtkwave-3.3.104/src/vcd_recoder.c:1090:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vst, GLOBALS->varsplit_vcd_recoder_c_3);
data/gtkwave-3.3.104/src/vcd_recoder.c:1271:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector,GLOBALS->yytext_vcd_recoder_c_3+1);
data/gtkwave-3.3.104/src/vcd_recoder.c:1534:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->str, GLOBALS->yytext_vcd_recoder_c_3);
data/gtkwave-3.3.104/src/vcd_recoder.c:1659:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, GLOBALS->yytext_vcd_recoder_c_3);
data/gtkwave-3.3.104/src/vcd_recoder.c:1684:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_recoder.c:1685:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_recoder.c:1695:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_recoder.c:1696:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_recoder.c:1698:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len+2,v->name+GLOBALS->slisthier_len+1);
data/gtkwave-3.3.104/src/vcd_recoder.c:1717:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+1,v->name);
data/gtkwave-3.3.104/src/vcd_recoder.c:1755:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->id, GLOBALS->yytext_vcd_recoder_c_3);
data/gtkwave-3.3.104/src/vcd_recoder.c:1781:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_recoder.c:1782:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(v->name+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_recoder.c:1792:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd,GLOBALS->slisthier);
data/gtkwave-3.3.104/src/vcd_recoder.c:1793:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_recoder.c:1795:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+GLOBALS->slisthier_len+2,v->name+GLOBALS->slisthier_len+1);
data/gtkwave-3.3.104/src/vcd_recoder.c:1814:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sd+1,v->name);
data/gtkwave-3.3.104/src/vcd_recoder.c:2449:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,v->name);
data/gtkwave-3.3.104/src/vcd_recoder.c:2453:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+slen,GLOBALS->vcd_hier_delimeter);
data/gtkwave-3.3.104/src/vcd_recoder.c:2492:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
do sprintf(dupfix, "$DUP%d%s%s", duphier++, GLOBALS->vcd_hier_delimeter, str);
data/gtkwave-3.3.104/src/vcd_recoder.c:2495:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dupfix);
data/gtkwave-3.3.104/src/vcd_recoder.c:2598:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
do sprintf(dupfix, "$DUP%d%s%s", duphier++, GLOBALS->vcd_hier_delimeter, str);
data/gtkwave-3.3.104/src/vcd_recoder.c:2601:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, dupfix);
data/gtkwave-3.3.104/src/vcd_recoder.c:2775:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ffname, "%s.idx", fname);
data/gtkwave-3.3.104/src/vcd_recoder.c:2817:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/vcd_recoder.c:2818:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str+dlen,fname);
data/gtkwave-3.3.104/src/vcd_recoder.c:2819:38: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GLOBALS->vcd_handle_vcd_recoder_c_2=popen(str,"r");
data/gtkwave-3.3.104/src/vcd_recoder.c:3352:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vector, sbuf);
data/gtkwave-3.3.104/src/vcd_saver.c:32:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, format, ap);
data/gtkwave-3.3.104/src/vcd_saver.c:43:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(sfd, format, ap);
data/gtkwave-3.3.104/src/vcd_saver.c:1014:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(t, "%s] %s", nh_curr->name, mti_sv_patch+1);
data/gtkwave-3.3.104/src/vlist.c:37:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s.idx", GLOBALS->loaded_file_name);
data/gtkwave-3.3.104/src/vzt.c:77:1: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Finished building %d facs.\n", GLOBALS->numfacs);
data/gtkwave-3.3.104/src/vzt.c:96:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f_name[0], fnam);
data/gtkwave-3.3.104/src/vzt.c:110:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f_name[(i+1)&F_NAME_MODULUS], fnam);
data/gtkwave-3.3.104/src/vzt.c:138:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len=sprintf(buf, "%s[%d:%d]", f_name[(i)&F_NAME_MODULUS],node_block[i].msi, node_block[i].lsi);
data/gtkwave-3.3.104/src/vzt.c:143:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/vzt.c:160:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
int len = sprintf(buf, "%s[%d]", f_name[(i)&F_NAME_MODULUS],node_block[i].msi);
data/gtkwave-3.3.104/src/vzt.c:164:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, buf);
data/gtkwave-3.3.104/src/vzt.c:189:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, f_name[(i)&F_NAME_MODULUS]);
data/gtkwave-3.3.104/src/vzt.c:252:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Merging in %d aliases.\n", numalias);
data/gtkwave-3.3.104/src/vzt.c:286:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/vzt.c:320:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Sorting facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/vzt.c:354:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Sorting facilities at hierarchy boundaries.\n");
data/gtkwave-3.3.104/src/vzt.c:374:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Building facility hierarchy tree.\n");
data/gtkwave-3.3.104/src/vzt.c:430:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"--begin/--end options yield zero blocks, ignoring.\n");
data/gtkwave-3.3.104/src/vzt.c:499:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, *value);
data/gtkwave-3.3.104/src/vzt.c:702:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, VZT_RDLOAD"Extracting %d traces\n", cnt);
data/gtkwave-3.3.104/src/wavewindow.c:2040:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, tname);
data/gtkwave-3.3.104/src/wavewindow.c:2087:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, tname);
data/gtkwave-3.3.104/src/wavewindow.c:2359:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2+1,str);
data/gtkwave-3.3.104/src/wavewindow.c:2427:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2+1,str);
data/gtkwave-3.3.104/src/wavewindow.c:2639:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2+1,str);
data/gtkwave-3.3.104/src/wavewindow.c:2703:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str2+1,str);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:596:8: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
return(tmpnam(s));
data/gtkwave-3.3.104/src/cocoa/cocoa_misc.c:68:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char *s_temp = realpath(fpath,NULL);
data/gtkwave-3.3.104/src/cocoa/cocoa_misc.c:145:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char *s_temp = realpath(fpath,NULL);
data/gtkwave-3.3.104/src/debug.c:565:12: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
uRetVal = GetTempFileName(lpTempPathBuffer, TEXT("GTKW"), 0, szTempFileName);
data/gtkwave-3.3.104/src/debug.c:658:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
return(realpath(path, resolved_path));
data/gtkwave-3.3.104/src/getopt.c:226:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#ifndef getenv
data/gtkwave-3.3.104/src/getopt.c:227:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv ();
data/gtkwave-3.3.104/src/getopt.c:412:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = getenv ("POSIXLY_CORRECT");
data/gtkwave-3.3.104/src/getopt.c:1202:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (argc, argv, optstring)
data/gtkwave-3.3.104/src/getopt.c:1232:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "abc:d:0123456789");
data/gtkwave-3.3.104/src/getopt1.c:79:1: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt_long (argc, argv, options, long_options, opt_index)
data/gtkwave-3.3.104/src/getopt1.c:106:18: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
libc_hidden_def (getopt_long)
data/gtkwave-3.3.104/src/getopt1.c:139:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "abc:d:0123456789",
data/gtkwave-3.3.104/src/gnu-getopt.h:141:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt (int ___argc, char *const *___argv, const char *__shortopts);
data/gtkwave-3.3.104/src/gnu-getopt.h:143:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/gtkwave-3.3.104/src/gnu-getopt.h:147:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long (int ___argc, char *const *___argv,
data/gtkwave-3.3.104/src/gnu-getopt.h:161:12: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt ();
data/gtkwave-3.3.104/src/gnu-getopt.h:163:12: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
extern int getopt_long ();
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:467:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "f:h", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:469:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "f:h");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:216:27: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
uRetVal = GetTempFileName(lpTempPathBuffer, TEXT("FSTW"), 0, szTempFileName);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:304:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
return(realpath(path, resolved_path));
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:87:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "ef:o:h", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:89:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "ef:o:h");
data/gtkwave-3.3.104/src/helpers/fstminer.c:279:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "d:m:x:nch", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/fstminer.c:281:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "d:m:x:nch");
data/gtkwave-3.3.104/src/helpers/ghwdump.c:74:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "thTslv");
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:206:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "d:m:x:nch", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:208:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "d:m:x:nch");
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:374:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "l:o:fnh", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:376:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "l:o:fnh");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1733:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "v:f:ZF4cph", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1735:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "v:f:ZF4cph");
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1931:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "v:l:d:m:b:p:c:h", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1933:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "v:l:d:m:b:p:c:h");
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1942:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "v:l:d:m:b:z:htr", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1944:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "v:l:d:m:b:z:htr");
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:377:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "v:o:cfnh", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:379:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "v:o:cfnh");
data/gtkwave-3.3.104/src/helpers/vztminer.c:208:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "d:m:x:nch", long_options, &option_index);
data/gtkwave-3.3.104/src/helpers/vztminer.c:210:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, "d:m:x:nch");
data/gtkwave-3.3.104/src/main.c:736:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(!getenv("DISPLAY"))
data/gtkwave-3.3.104/src/main.c:840:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "zf:Fon:a:Ar:dl:s:e:c:t:NS:vVhxX:MD:IgCLR:P:O:WT:1:2:34:5:7", long_options,
data/gtkwave-3.3.104/src/main.c:959:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *chdir_env = getenv("GTKWAVE_CHDIR");
data/gtkwave-3.3.104/src/main.c:2590:66: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if(!chdir_cache) { wave_gconf_client_set_string("/current/pwd", getenv("PWD")); }
data/gtkwave-3.3.104/src/main.c:2932:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *cygserver_env = getenv("CYGWIN");
data/gtkwave-3.3.104/src/menu.c:3926:13: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
bSuccess = CreateProcess(NULL,
data/gtkwave-3.3.104/src/menu.c:3926:13: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
bSuccess = CreateProcess(NULL,
data/gtkwave-3.3.104/src/menu.c:4049:55: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
wave_gconf_client_set_string("/current/pwd", getenv("PWD"));
data/gtkwave-3.3.104/src/menu.c:5968:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *edname = getenv("GTKWAVE_EDITOR");
data/gtkwave-3.3.104/src/pipeio.c:61:12: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
bSuccess = CreateProcess(NULL,
data/gtkwave-3.3.104/src/pipeio.c:61:12: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
bSuccess = CreateProcess(NULL,
data/gtkwave-3.3.104/src/rc.c:1183:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home=getenv("USERPROFILE");
data/gtkwave-3.3.104/src/tcl_np.c:82:21: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if(!(handle = LoadLibrary(libname))) {
data/gtkwave-3.3.104/src/tcl_np.c:86:11: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(libname) ;
data/gtkwave-3.3.104/src/tcl_np.c:94:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envdll = getenv("TCL_PLUGIN_DLL");
data/gtkwave-3.3.104/src/tcl_np.c:97:16: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(envdll);
data/gtkwave-3.3.104/src/tcl_np.c:111:14: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(libname);
data/gtkwave-3.3.104/src/tcl_np.c:121:14: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(libname);
data/gtkwave-3.3.104/src/tcl_np.c:175:14: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(libname);
data/gtkwave-3.3.104/src/tcl_np.c:321:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envdll = getenv("TCL_PLUGIN_DLL");
data/gtkwave-3.3.104/wave_locale.h:13:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *wlve = getenv("LANG"); \
data/gtkwave-3.3.104/wave_locale.h:23:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
wlve = getenv("LC_ALL"); \
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[mx];
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + pos, s, len);
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:424:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*vlen = sprintf((char *)bufferp, "%f", *((float*)vc_ptr));
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:435:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
*vlen = sprintf((char *)bufferp, "%.16g", *((double*)vc_ptr));
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:819:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scale[3];
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:822:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestring[32];
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:832:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
stdout = tmpfile(); /* redirects useless log file messages that would mess up VCD output for piped execution */
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:850:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(argv[2], "wb");
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:956:43: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(top_tim) { writex(fd, timestring, sprintf(timestring, "#%"PRIu64"\n", top_tim)); }
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:963:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
writex(fd, timestring, sprintf(timestring, "$dumpon\n"));
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:967:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
writex(fd, timestring, sprintf(timestring, "$dumpoff\n"));
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:985:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(key) { writex(fd, timestring, sprintf(timestring, "#%"PRIu64"\n", key)); }
data/gtkwave-3.3.104/contrib/fsdb2vcd/fsdb2vcd_fast.cc:1078:40: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(max_tim) { writex(fd, timestring, sprintf(timestring, "#%"PRIu64"\n", max_tim)); }
data/gtkwave-3.3.104/contrib/fst_jni/fstAPI.c:599:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/contrib/rtlbrowse/jrb.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char carray[8];
data/gtkwave-3.3.104/contrib/rtlbrowse/jrb.h:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucarray[8];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:618:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
*fd = mkstemp(tmpspace);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arr[5] = { 0, 0, 0, 0, 0 }; /* scan-build : but arr[4] should work ok */
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:933:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *handle = fopen(fname, "wb");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:991:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(np, "{net ");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1006:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(singlist, tpnt, title_len);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1008:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(singlist + title_len + slen, "} ");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1655:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(default_text, "rb");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1882:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(default_text, "rb");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1947:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1952:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " occupies lines %d - %d.\n", s_line, e_line);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2130:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcb[65537];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcv[65537];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2565:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[65537];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2619:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[65537];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2649:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rc[AE2_MAXFACLEN+1];
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2733:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt2, w->text, len);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:112:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tdup, t, sizeof(ds_Tree));
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:138:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(txt2, " [MISSING]");
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:267:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[257];
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:269:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mapName, "rtlbrowse%d", shmid);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:309:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(id, "rb");
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[1024], mname[1024], pname[1024], scratch[128];
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[128], mname[1024], fname[1024];
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:515:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (!(aetf=fopen(anno_ctx->aet_name, "rb"))) || (!(ae2 = ae2_read_initialize(aetf))) )
data/gtkwave-3.3.104/contrib/rtlbrowse/vlex.c:1007:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen(v_preproc_name, "rb");
data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *wlf_mvl9[9] = {"'U'", "'X'", "'0'", "'1'", "'Z'", "'W'", "'L'", "'H'", "'-'"};
data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c:187:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcdid_str[10];
data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wgc.prev_hier, name, hlen);
data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c:561:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[16];
data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c:685:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[16];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZ + 1];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:66:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *qts[6];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:98:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_dup[strlen(fl)+1];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:103:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int lineno = atoi(s);
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *qts[4];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *qts[6];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:188:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *qts[4];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:210:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_dup[strlen(fl)+1];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:215:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int lineno = atoi(s);
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:282:42: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = (!strcmp("-", argv[1])) ? stdin : fopen(argv[1], "rb");
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:298:42: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = (!strcmp("-", argv[1])) ? stdin : fopen(argv[1], "rb");
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:301:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fo = fopen(argv[2], "wb");
data/gtkwave-3.3.104/examples/transaction.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1025];
data/gtkwave-3.3.104/examples/transaction.c:163:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(lhq) my_arg = atoi(lhq+1);
data/gtkwave-3.3.104/examples/transaction.c:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gtkwave-3.3.104/examples/transaction.c:254:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "H%d", hcnt/2);
data/gtkwave-3.3.104/examples/transaction.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gtkwave-3.3.104/examples/transaction.c:279:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "D%d:", hcnt/2);
data/gtkwave-3.3.104/src/ae2.c:447:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[AE2_MAX_NAME_LENGTH+1];
data/gtkwave-3.3.104/src/ae2.c:452:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (!(GLOBALS->ae2_f=fopen(fname, "rb"))) || (!(GLOBALS->ae2 = ae2_read_initialize(GLOBALS->ae2_f))) )
data/gtkwave-3.3.104/src/ae2.c:599:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->ae2_fr[match_idx], &GLOBALS->ae2_fr[id-1], sizeof(AE2_FACREF));
data/gtkwave-3.3.104/src/ae2.c:968:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, *value, f->length);
data/gtkwave-3.3.104/src/ae2.c:1012:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[AE2_MAXFACLEN+1];
data/gtkwave-3.3.104/src/analyzer.c:374:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2,s,len);
data/gtkwave-3.3.104/src/baseconvert.c:174:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf15[24];
data/gtkwave-3.3.104/src/baseconvert.c:203:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[32];
data/gtkwave-3.3.104/src/baseconvert.c:204:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigbuf[64];
data/gtkwave-3.3.104/src/baseconvert.c:251:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[32];
data/gtkwave-3.3.104/src/baseconvert.c:252:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigbuf[64];
data/gtkwave-3.3.104/src/baseconvert.c:289:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xfwd[AN_COUNT]= AN_NORMAL ;
data/gtkwave-3.3.104/src/baseconvert.c:290:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xrev[AN_COUNT]= AN_INVERSE ;
data/gtkwave-3.3.104/src/baseconvert.c:334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, bits, nbits);
data/gtkwave-3.3.104/src/baseconvert.c:356:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt+i, bits, nbits);
data/gtkwave-3.3.104/src/baseconvert.c:735:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(os, "XXX");
data/gtkwave-3.3.104/src/baseconvert.c:772:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, &utt, sizeof(double));
data/gtkwave-3.3.104/src/baseconvert.c:778:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, &utt_32, sizeof(float));
data/gtkwave-3.3.104/src/baseconvert.c:779:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(os, "%f", f);
data/gtkwave-3.3.104/src/baseconvert.c:841:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(os, "XXX");
data/gtkwave-3.3.104/src/baseconvert.c:860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vec[64];
data/gtkwave-3.3.104/src/baseconvert.c:864:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&swapmem, d, sizeof(guint64));
data/gtkwave-3.3.104/src/baseconvert.c:877:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t2, t, sizeof(struct TraceEnt));
data/gtkwave-3.3.104/src/baseconvert.c:895:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rv,"UNDEF");
data/gtkwave-3.3.104/src/baseconvert.c:914:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rv, "UNDEF");
data/gtkwave-3.3.104/src/baseconvert.c:1041:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xfwd[AN_COUNT]= AN_NORMAL ;
data/gtkwave-3.3.104/src/baseconvert.c:1042:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xrev[AN_COUNT]= AN_INVERSE ;
data/gtkwave-3.3.104/src/baseconvert.c:1078:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, bits, nbits);
data/gtkwave-3.3.104/src/baseconvert.c:1100:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt+i, bits, nbits);
data/gtkwave-3.3.104/src/baseconvert.c:1483:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(os, "XXX");
data/gtkwave-3.3.104/src/baseconvert.c:1521:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, &utt, sizeof(double));
data/gtkwave-3.3.104/src/baseconvert.c:1527:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, &utt_32, sizeof(float));
data/gtkwave-3.3.104/src/baseconvert.c:1528:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(os, "%f", f);
data/gtkwave-3.3.104/src/baseconvert.c:1590:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(os, "XXX");
data/gtkwave-3.3.104/src/baseconvert.c:1674:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1025];
data/gtkwave-3.3.104/src/baseconvert.c:1834:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xfwd[AN_COUNT]= AN_NORMAL ;
data/gtkwave-3.3.104/src/baseconvert.c:1835:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xrev[AN_COUNT]= AN_INVERSE ;
data/gtkwave-3.3.104/src/baseconvert.c:1924:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&retval, &val, sizeof(double)); /* otherwise strict-aliasing rules problem if retval = *(double *)&val; */
data/gtkwave-3.3.104/src/baseconvert.c:1930:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f, &val_32, sizeof(float)); /* otherwise strict-aliasing rules problem if retval = *(double *)&val; */
data/gtkwave-3.3.104/src/baseconvert.c:2011:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xfwd[AN_COUNT]= AN_NORMAL ;
data/gtkwave-3.3.104/src/baseconvert.c:2012:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xrev[AN_COUNT]= AN_INVERSE ;
data/gtkwave-3.3.104/src/bitvec.c:150:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, s1, pfxlen);
data/gtkwave-3.3.104/src/bitvec.c:157:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s+idx, n1, n1len);
data/gtkwave-3.3.104/src/bitvec.c:161:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s+idx, n2, n2len);
data/gtkwave-3.3.104/src/bitvec.c:169:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(sfxlen) { memcpy(s+idx, sfx, sfxlen); idx+=sfxlen; }
data/gtkwave-3.3.104/src/bitvec.c:390:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ghw_str[2];
data/gtkwave-3.3.104/src/bitvec.c:503:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nexp = ExtractNodeSingleBit(&s->n[rows], atoi(str+1));
data/gtkwave-3.3.104/src/bitvec.c:557:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wild,str,len);
data/gtkwave-3.3.104/src/bitvec.c:608:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wild,str,len);
data/gtkwave-3.3.104/src/bitvec.c:640:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nexp = ExtractNodeSingleBit(&s->n[rows], atoi(wild+1));
data/gtkwave-3.3.104/src/bitvec.c:657:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bval = atoi(wild+1);
data/gtkwave-3.3.104/src/bitvec.c:660:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msi = atoi(lp+1);
data/gtkwave-3.3.104/src/bitvec.c:661:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lsi = atoi(colon+1);
data/gtkwave-3.3.104/src/bitvec.c:776:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wild,str,len);
data/gtkwave-3.3.104/src/bitvec.c:815:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nexp = ExtractNodeSingleBit(&s->n[rows], atoi(wild+1));
data/gtkwave-3.3.104/src/bitvec.c:832:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bval = atoi(wild+1);
data/gtkwave-3.3.104/src/bitvec.c:835:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msi = atoi(lp+1);
data/gtkwave-3.3.104/src/bitvec.c:836:71: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lsi = atoi(colon+1);
data/gtkwave-3.3.104/src/bitvec.c:1092:40: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(aname) b->name = aname; else { strcpy(b->name=(char *)malloc_2(8+1),"<Vector>"); }
data/gtkwave-3.3.104/src/bitvec.c:1097:40: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(aname) b->name = aname; else { strcpy(b->name=(char *)malloc_2(15+1),"<ComplexVector>"); }
data/gtkwave-3.3.104/src/bitvec.c:1310:40: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(aname) b->name = aname; else { strcpy(b->name=(char *)malloc_2(8+1),"<Vector>"); }
data/gtkwave-3.3.104/src/bitvec.c:1315:40: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(aname) b->name = aname; else { strcpy(b->name=(char *)malloc_2(15+1),"<ComplexVector>"); }
data/gtkwave-3.3.104/src/bitvec.c:1432:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*number=atoi(numptr);
data/gtkwave-3.3.104/src/bitvec.c:1756:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(aname) name = aname; else { strcpy(name=(char *)malloc_2(8+1),"<Vector>"); }
data/gtkwave-3.3.104/src/bitvec.c:1941:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nam, namex, offset);
data/gtkwave-3.3.104/src/bitvec.c:1994:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d]", actual);
data/gtkwave-3.3.104/src/bitvec.c:1998:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d][%d]", curr_row, curr_bit);
data/gtkwave-3.3.104/src/bitvec.c:2013:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+len, "{%d}", n->this_row);
data/gtkwave-3.3.104/src/bitvec.c:2199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nam, namex, offset);
data/gtkwave-3.3.104/src/bitvec.c:2252:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d]", actual);
data/gtkwave-3.3.104/src/bitvec.c:2268:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d][%d]", curr_row, curr_bit);
data/gtkwave-3.3.104/src/bitvec.c:2275:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+len, "{%d}", n->this_row);
data/gtkwave-3.3.104/src/bsearch.c:194:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcache[2];
data/gtkwave-3.3.104/src/bsearch.c:305:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tsc, ascii, i+1);
data/gtkwave-3.3.104/src/bsearch.c:310:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int whichrow = atoi(&ascii[i+1]);
data/gtkwave-3.3.104/src/cocoa/cocoa_misc.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, *out_text_entry, maxch);
data/gtkwave-3.3.104/src/currenttime.c:27:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32], sfx[2];
data/gtkwave-3.3.104/src/currenttime.c:50:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "100");
data/gtkwave-3.3.104/src/currenttime.c:54:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "10");
data/gtkwave-3.3.104/src/currenttime.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9g sec", gval);
data/gtkwave-3.3.104/src/currenttime.c:324:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9g %cs", gval, GLOBALS->scale_to_time_dimension);
data/gtkwave-3.3.104/src/currenttime.c:358:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%e Hz", k);
data/gtkwave-3.3.104/src/currenttime.c:362:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "-- Hz");
data/gtkwave-3.3.104/src/currenttime.c:434:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9g%csec", gval, blackout);
data/gtkwave-3.3.104/src/currenttime.c:438:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.9g%c%cs", gval, blackout, GLOBALS->scale_to_time_dimension);
data/gtkwave-3.3.104/src/currenttime.c:547:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(GLOBALS->maxtext_currenttime_c_1, "--");
data/gtkwave-3.3.104/src/currenttime.c:629:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(GLOBALS->maxtext_currenttime_c_1,"--");
data/gtkwave-3.3.104/src/debug.c:427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, nbytes);
data/gtkwave-3.3.104/src/debug.c:441:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, len);
data/gtkwave-3.3.104/src/debug.c:551:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szTempFileName[MAX_PATH];
data/gtkwave-3.3.104/src/debug.c:552:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR lpTempPathBuffer[MAX_PATH];
data/gtkwave-3.3.104/src/debug.c:597:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
*fd = mkstemp(tmpspace);
data/gtkwave-3.3.104/src/debug.c:702:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(path, "rb");
data/gtkwave-3.3.104/src/debug.c:731:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ch[8];
data/gtkwave-3.3.104/src/debug.h:150:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matchword[4]; /* match against WAVE_MATCHWORD string */
data/gtkwave-3.3.104/src/debug.h:151:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_string[40]; /* formatted marker time */
data/gtkwave-3.3.104/src/debug.h:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aet_name[PATH_MAX+1];
data/gtkwave-3.3.104/src/debug.h:162:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stems_name[PATH_MAX+1];
data/gtkwave-3.3.104/src/debug.h:169:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matchword[4]; /* match against WAVE_MATCHWORD string */
data/gtkwave-3.3.104/src/debug.h:170:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_string[40]; /* formatted marker time */
data/gtkwave-3.3.104/src/debug.h:181:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aet_name[PATH_MAX+1];
data/gtkwave-3.3.104/src/debug.h:182:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stems_name[PATH_MAX+1];
data/gtkwave-3.3.104/src/debug.h:191:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matchword[4]; /* match against DUAL_MATCHWORD string */
data/gtkwave-3.3.104/src/edgebuttons.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/gtkwave-3.3.104/src/extload.c:221:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuff[65537];
data/gtkwave-3.3.104/src/extload.c:239:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuff2[65537];
data/gtkwave-3.3.104/src/extload.c:254:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rc, "Upscope:\n");
data/gtkwave-3.3.104/src/extload.c:274:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typ[64];
data/gtkwave-3.3.104/src/extload.c:356:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
l = atoi(l_pnt);
data/gtkwave-3.3.104/src/extload.c:357:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r = atoi(r_pnt+2);
data/gtkwave-3.3.104/src/extload.c:358:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
d2 = atoi(d2_pnt);
data/gtkwave-3.3.104/src/extload.c:386:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].msi = atoi(lb+1);
data/gtkwave-3.3.104/src/extload.c:389:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].lsi = atoi(colon+1);
data/gtkwave-3.3.104/src/extload.c:418:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].msi=atoi(lb+1);
data/gtkwave-3.3.104/src/extload.c:419:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].lsi=atoi(lb+1);
data/gtkwave-3.3.104/src/extload.c:572:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vht[2048];
data/gtkwave-3.3.104/src/extload.c:573:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[2048];
data/gtkwave-3.3.104/src/extload.c:574:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctype[2048];
data/gtkwave-3.3.104/src/extload.c:651:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/extload.c:670:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS], GLOBALS->fst_scope_name, GLOBALS->extload_hlen);
data/gtkwave-3.3.104/src/extload.c:711:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS], GLOBALS->fst_scope_name, GLOBALS->extload_hlen);
data/gtkwave-3.3.104/src/extload.c:976:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zbuf[65537]; /* OK as this does not need to be re-entrant */
data/gtkwave-3.3.104/src/extload.c:1034:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
l = atoi(lb);
data/gtkwave-3.3.104/src/extload.c:1035:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r = atoi(rb);
data/gtkwave-3.3.104/src/extload.c:1076:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].msi = atoi(lb+1);
data/gtkwave-3.3.104/src/extload.c:1079:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].lsi = atoi(colon+1);
data/gtkwave-3.3.104/src/extload.c:1108:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].msi=atoi(lb+1);
data/gtkwave-3.3.104/src/extload.c:1109:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->extload_node_block[i].lsi=atoi(lb+1);
data/gtkwave-3.3.104/src/extload.c:1248:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->name, nam, len+1);
data/gtkwave-3.3.104/src/extload.c:1264:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/extload.c:1273:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fnam_prev[65537]; /* OK as this does not need to be re-entrant */
data/gtkwave-3.3.104/src/extload.c:1288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->extload_namecache[0 & F_NAME_MODULUS], GLOBALS->fst_scope_name, GLOBALS->extload_hlen);
data/gtkwave-3.3.104/src/extload.c:1322:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->extload_namecache[(i+1)&F_NAME_MODULUS], GLOBALS->fst_scope_name, GLOBALS->extload_hlen);
data/gtkwave-3.3.104/src/extload.c:1599:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuff[65537];
data/gtkwave-3.3.104/src/extload.c:1605:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(GLOBALS->extload=fopen(fname, "rb")))
data/gtkwave-3.3.104/src/extload.c:1714:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->time_scale = atoi(pnt);
data/gtkwave-3.3.104/src/extload.c:2103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, *value, f->len);
data/gtkwave-3.3.104/src/extload.c:2160:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&np->head, &resolve->head, sizeof(struct HistEnt));
data/gtkwave-3.3.104/src/extload.c:2255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuff[65537];
data/gtkwave-3.3.104/src/fetchbuttons.c:24:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromstr[32];
data/gtkwave-3.3.104/src/fetchbuttons.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tostr[32];
data/gtkwave-3.3.104/src/fetchbuttons.c:104:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tostr[32];
data/gtkwave-3.3.104/src/fetchbuttons.c:138:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tostr[32];
data/gtkwave-3.3.104/src/file.c:160:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFile[260]; /* buffer for file name */
data/gtkwave-3.3.104/src/file.c:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPath[260]; /* buffer for path name */
data/gtkwave-3.3.104/src/file.c:162:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lpstrFilter[260]; /* more than enough room for some patterns */
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:344:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)buffer, "%f", *((float*)vc_ptr));
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:350:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)buffer, "%.16g", *((double*)vc_ptr));
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:447:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[65537];
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:558:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[65537];
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:741:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bf, "Var: ", 5);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:744:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, type, len);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:748:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, var->name, len);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:750:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, " l:", 3);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:753:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, " r:", 3);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:758:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, direction, len);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:764:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, bpb, len);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:777:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[65537];
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:798:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[16];
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:815:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bf, "Upscope:");
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:820:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bf, "End Tree:");
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:829:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bf, "Upscope:");
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:1188:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bf[16];
data/gtkwave-3.3.104/src/fst.c:535:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->name, nam, len+1);
data/gtkwave-3.3.104/src/fst.c:688:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/fst.c:726:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnam, GLOBALS->fst_scope_name, hier_len);
data/gtkwave-3.3.104/src/fst.c:728:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnam + hier_len + 1, nnam, name_len + 1);
data/gtkwave-3.3.104/src/fst.c:744:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnam, nnam, name_len + 1);
data/gtkwave-3.3.104/src/fst.c:916:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, buf, len+1);
data/gtkwave-3.3.104/src/fst.c:957:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, buf, len+1);
data/gtkwave-3.3.104/src/fst.c:1003:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, f_name[(i)&F_NAME_MODULUS], len+1);
data/gtkwave-3.3.104/src/fst.c:1392:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h_vector, value, f->len);
data/gtkwave-3.3.104/src/fst.c:1440:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char membuf[1];
data/gtkwave-3.3.104/src/fst.c:1493:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&htemp->v.h_double, value, sizeof(double));
data/gtkwave-3.3.104/src/fst.c:1496:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, value, sizeof(double));
data/gtkwave-3.3.104/src/fst.c:1566:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&np->head, &resolve->head, sizeof(struct HistEnt));
data/gtkwave-3.3.104/src/fst.c:1746:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char value[2] = {0, 0};
data/gtkwave-3.3.104/src/gconf.c:34:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*this_wave_rpc_id = atoi(str);
data/gtkwave-3.3.104/src/gconf.c:75:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rcv = atoi(rc);
data/gtkwave-3.3.104/src/gconf.c:87:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this_wave_rpc_id = atoi(str);
data/gtkwave-3.3.104/src/gconf.c:101:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
this_wave_rpc_id = atoi(str);
data/gtkwave-3.3.104/src/gconf.c:127:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(fn, "wb")))
data/gtkwave-3.3.104/src/gconf.c:280:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(s) { if(s[0]) *opt_vcd = atoi(s); g_free(s); }
data/gtkwave-3.3.104/src/gconf.c:342:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rcv = atoi(rc);
data/gtkwave-3.3.104/src/gconf.c:442:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(fn, "wb")))
data/gtkwave-3.3.104/src/gconf.c:578:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/open");
data/gtkwave-3.3.104/src/gconf.c:584:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/quit");
data/gtkwave-3.3.104/src/gconf.c:590:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/writesave");
data/gtkwave-3.3.104/src/gconf.c:596:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/reload");
data/gtkwave-3.3.104/src/gconf.c:602:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/zoom_full");
data/gtkwave-3.3.104/src/gconf.c:608:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/move_to_time");
data/gtkwave-3.3.104/src/gconf.c:614:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ks + len, "/zoom_size");
data/gtkwave-3.3.104/src/gconf.c:674:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(s) { if(s[0]) *opt_vcd = atoi(s); g_free(s); }
data/gtkwave-3.3.104/src/ghw.c:663:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gtkwave-3.3.104/src/ghw.c:676:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (n, hie->name, name_len);
data/gtkwave-3.3.104/src/ghw.c:679:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (n, buf, buf_len);
data/gtkwave-3.3.104/src/ghw.c:865:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (GLOBALS->fac_name_ghw_c_1 + GLOBALS->fac_name_len_ghw_c_1 + 1, t->name, len);
data/gtkwave-3.3.104/src/ghw.c:870:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (GLOBALS->fac_name_ghw_c_1 + GLOBALS->fac_name_len_ghw_c_1, t->name, len);
data/gtkwave-3.3.104/src/ghw.c:909:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (GLOBALS->fac_name_ghw_c_1, "top", 4);
data/gtkwave-3.3.104/src/ghw.c:1003:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char map_su2vlg[9] = {
data/gtkwave-3.3.104/src/ghw.c:1269:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, GLOBALS->facs[i]->n, sizeof(struct Node));
data/gtkwave-3.3.104/src/ghw.c:1280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, GLOBALS->treeroot, sizeof(struct tree));
data/gtkwave-3.3.104/src/ghwlib.c:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[16];
data/gtkwave-3.3.104/src/ghwlib.c:54:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
h->stream = fopen (filename, "rb");
data/gtkwave-3.3.104/src/ghwlib.c:101:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union { unsigned char b[4]; uint32_t i;} v;
data/gtkwave-3.3.104/src/ghwlib.c:359:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[12];
data/gtkwave-3.3.104/src/ghwlib.c:606:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[8];
data/gtkwave-3.3.104/src/ghwlib.c:832:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[4];
data/gtkwave-3.3.104/src/ghwlib.c:1005:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[16];
data/gtkwave-3.3.104/src/ghwlib.c:1361:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[4];
data/gtkwave-3.3.104/src/ghwlib.c:1401:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[12];
data/gtkwave-3.3.104/src/ghwlib.c:1439:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[8];
data/gtkwave-3.3.104/src/ghwlib.c:1505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[4];
data/gtkwave-3.3.104/src/ghwlib.c:1664:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[8];
data/gtkwave-3.3.104/src/ghwlib.c:1678:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ent[8];
data/gtkwave-3.3.104/src/ghwlib.c:1699:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[8];
data/gtkwave-3.3.104/src/ghwlib.c:1715:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[4];
data/gtkwave-3.3.104/src/ghwlib.c:1847:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[4];
data/gtkwave-3.3.104/src/ghwlib.c:1904:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hdr[4];
data/gtkwave-3.3.104/src/ghwlib.h:422:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[4];
data/gtkwave-3.3.104/src/globals.c:1409:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g, &globals_base_values, sizeof(struct Global)); /* fill in the blanks */
data/gtkwave-3.3.104/src/globals.c:1471:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(setjmp_globals, GLOBALS, sizeof(struct Global)); /* clone */
data/gtkwave-3.3.104/src/globals.c:1571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS, setjmp_globals, sizeof(struct Global)); /* copy over old ctx */
data/gtkwave-3.3.104/src/globals.c:1597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[32];
data/gtkwave-3.3.104/src/globals.c:1641:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statefile = save_tmpfilename ? fopen(save_tmpfilename,"wb") : NULL;
data/gtkwave-3.3.104/src/globals.c:1705:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->named_markers, GLOBALS->named_markers, sizeof(GLOBALS->named_markers));
data/gtkwave-3.3.104/src/globals.c:1742:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_globals->gc, &GLOBALS->gc, sizeof(struct wave_gcmaster_t));
data/gtkwave-3.3.104/src/globals.c:1745:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_globals->gccache, &GLOBALS->gccache, sizeof(struct wave_gcmaster_t));
data/gtkwave-3.3.104/src/globals.c:1746:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_globals->gc_rainbow, &GLOBALS->gc_rainbow, 2 * WAVE_NUM_RAINBOW * sizeof(GdkGC *));
data/gtkwave-3.3.104/src/globals.c:1762:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->maxtext_currenttime_c_1, GLOBALS->maxtext_currenttime_c_1,40);
data/gtkwave-3.3.104/src/globals.c:1765:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->curtext_currenttime_c_1, GLOBALS->curtext_currenttime_c_1, 40);
data/gtkwave-3.3.104/src/globals.c:1775:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->signalfont, GLOBALS->signalfont, sizeof(struct font_engine_font_t));
data/gtkwave-3.3.104/src/globals.c:1778:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->wavefont, GLOBALS->wavefont, sizeof(struct font_engine_font_t));
data/gtkwave-3.3.104/src/globals.c:1781:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->wavefont_smaller, GLOBALS->wavefont_smaller, sizeof(struct font_engine_font_t));
data/gtkwave-3.3.104/src/globals.c:2013:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&new_globals->iter_status_c_3, &GLOBALS->iter_status_c_3, sizeof(GtkTextIter));
data/gtkwave-3.3.104/src/globals.c:2065:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(new_globals->tims), &(GLOBALS->tims), sizeof(Times));
data/gtkwave-3.3.104/src/globals.c:2226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->target_mutex_renderopt_c_1, GLOBALS->target_mutex_renderopt_c_1, sizeof(GLOBALS->target_mutex_renderopt_c_1));
data/gtkwave-3.3.104/src/globals.c:2227:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->page_mutex_renderopt_c_1, GLOBALS->page_mutex_renderopt_c_1, sizeof(GLOBALS->page_mutex_renderopt_c_1));
data/gtkwave-3.3.104/src/globals.c:2228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->render_mutex_renderopt_c_1, GLOBALS->render_mutex_renderopt_c_1, sizeof(GLOBALS->render_mutex_renderopt_c_1));
data/gtkwave-3.3.104/src/globals.c:2242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_globals->pdata, GLOBALS->pdata, sizeof(SearchProgressData));
data/gtkwave-3.3.104/src/globals.c:2963:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstr[32];
data/gtkwave-3.3.104/src/globals.c:2976:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sstr, "%d", GLOBALS->this_context_page);
data/gtkwave-3.3.104/src/globals.h:519:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char double_mask_lxt_c_1[8]; /* from lxt.c 196 */
data/gtkwave-3.3.104/src/globals.h:617:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *marker_names[WAVE_NUM_NAMED_MARKERS]; /* from markerbox.c */
data/gtkwave-3.3.104/src/globals.h:618:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *shadow_marker_names[WAVE_NUM_NAMED_MARKERS]; /* from markerbox.c */
data/gtkwave-3.3.104/src/globals.h:804:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_mutex_renderopt_c_1[4]; /* from renderopt.c 346 */
data/gtkwave-3.3.104/src/globals.h:805:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_mutex_renderopt_c_1[5]; /* from renderopt.c 348 */
data/gtkwave-3.3.104/src/globals.h:806:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char render_mutex_renderopt_c_1[3]; /* from renderopt.c 350 */
data/gtkwave-3.3.104/src/globals.h:831:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regex_mutex_search_c_1[5]; /* from search.c 371 */
data/gtkwave-3.3.104/src/globals.h:1152:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcd_hier_delimeter[2]; /* from vcd.c 522 */
data/gtkwave-3.3.104/src/globals.h:1271:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_vcd_saver_c_3[16]; /* from vcd_saver.c 631 */
data/gtkwave-3.3.104/src/gnu_regex.c:132:35: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# if !defined bzero && !defined bcopy
data/gtkwave-3.3.104/src/gnu_regex.c:156:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# ifndef memcpy
data/gtkwave-3.3.104/src/gnu_regex.c:157:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) (bcopy (s, d, n), (d))
data/gtkwave-3.3.104/src/gnu_regex.c:157:30: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) (bcopy (s, d, n), (d))
data/gtkwave-3.3.104/src/gnu_regex.c:185:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char re_syntax_table[CHAR_SET_SIZE];
data/gtkwave-3.3.104/src/gnu_regex.c:325:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (destination, source, osize))
data/gtkwave-3.3.104/src/gnu_regex.c:2270:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CHAR_CLASS_MAX_LENGTH + 1];
data/gtkwave-3.3.104/src/gnu_regex.c:3163:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
range_start = ((const unsigned char *) p)[-2];
data/gtkwave-3.3.104/src/gnu_regex.c:3164:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
range_end = ((const unsigned char *) p)[0];
data/gtkwave-3.3.104/src/gnu_regex.c:5812:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (errbuf, msg, errbuf_size - 1);
data/gtkwave-3.3.104/src/gnu_regex.c:5817:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (errbuf, msg, msg_size);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:146:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin_fixbuff[32769];
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:147:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bin_fixbuff2[32769];
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:155:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(vname, "rb");
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:200:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int p_hi = atoi(st+1);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:205:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_lo = atoi(p_colon+1);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:219:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(st);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:188:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return(fopen(nam, mode));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:200:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szTempFileName[MAX_PATH];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:201:1: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR lpTempPathBuffer[MAX_PATH];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:242:11: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *f = tmpfile(); /* replace with mkstemp() + fopen(), etc if this is not good enough */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:381:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:398:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(uint64_t)];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:544:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:573:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:603:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:633:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[10]; /* ceil(64/7) = 10 */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:681:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[15]; /* ceil(64/7) = 10 + sign byte padded way up */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:847:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, u, sizeof(uint32_t));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:857:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, dbuf, siz);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:874:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, u, sizeof(uint32_t));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:893:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, dbuf, siz);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:906:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[FST_HDR_SIM_VERSION_SIZE];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:907:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[FST_HDR_DATE_SIZE];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1068:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("/proc/meminfo", "rb");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1072:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[257];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1082:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size_t v = atol(s+10);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1167:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf, nam, flen);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1168:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hf + flen, ".hier");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1396:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratchpnt, pnt, record_len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1407:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->curval_mem + vm4ip[0], vchg_mem + offs + 4 + wrlen, vm4ip[1]); /* checkpoint variable */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1462:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratchpnt, pnt, vm4ip[1]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1834:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc2, xc, sizeof(struct fstWriterContext));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1837:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc2->valpos_mem, xc->valpos_mem, xc->maxhandle * 4 * sizeof(uint32_t));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1842:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc2->curval_mem, xc->curval_mem, xc->maxvalpos);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2159:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hf+flen, ".pak");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2160:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(hf, "wb");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2166:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gz_membuf[FST_GZIO_LEN];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2225:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hf + flen, ".hier");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2260:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[FST_HDR_DATE_SIZE];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2266:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, dat, (len < FST_HDR_DATE_SIZE) ? len : FST_HDR_DATE_SIZE);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2279:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[FST_HDR_SIM_VERSION_SIZE];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2285:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, vers, (len < FST_HDR_SIM_VERSION_SIZE) ? len : FST_HDR_SIM_VERSION_SIZE);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2318:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[11]; /* ceil(64/7) = 10 + null term */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2457:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tv = atoi(s);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2792:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char elem_count_buf[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2832:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_str+pos, name, name_len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2836:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_str+pos, elem_count_buf, elem_count_len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2939:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_value, buf, len); /* overlay new value */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2941:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->curval_mem + offs, buf, len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2965:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->curval_mem + offs, buf, len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3003:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->curval_mem + offs, buf, len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3011:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3022:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3336:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[FST_HDR_SIM_VERSION_SIZE + 1];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3337:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[FST_HDR_DATE_SIZE + 1];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3380:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_scope_nam[FST_ID_NAM_SIZ+1];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3381:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_scope_comp[FST_ID_NAM_SIZ+1];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3390:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char writex_buf[FST_WRITEX_MAX];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3429:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->writex_buf + xc->writex_pos, s, len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3946:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xc->fh = fopen(fnam, "w+b");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4260:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_dimension[2] = {0, 0};
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4349:39: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!str[0]) { strcpy(str, "\"\""); }
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4460:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcdid_buf[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4476:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcdid_buf[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4529:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gz_membuf[FST_GZIO_LEN];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4543:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fcomp = fopen(hf, "w+b");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4649:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rvs_buf[8];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4843:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((!nam)||(!(xc->f=fopen(nam, "rb"))))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4858:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf, nam, flen);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4859:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hf + flen, ".hier");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4860:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xc->fh = fopen(hf, "rb");
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5138:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wx_buf[32];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5143:41: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(dumpvars_state == 1) { wx_len = sprintf(wx_buf, "$end\n"); fstWritex(xc, wx_buf, wx_len); dumpvars_state = 2; }
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5144:50: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wx_len = sprintf(wx_buf, "#%" PRIu64 "\n", beg_tim);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5146:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(!dumpvars_state) { wx_len = sprintf(wx_buf, "$dumpvars\n"); fstWritex(xc, wx_buf, wx_len); dumpvars_state = 1; }
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5203:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcd_id[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5223:65: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->temp_signal_value_buf, mu+sig_offs, xc->signal_lens[idx]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5231:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcd_id[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5275:81: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone_d, srcdata, 8);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5286:73: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)xc->temp_signal_value_buf, "%.16g", d);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5294:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcdid_buf[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5295:73: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wx_buf[64];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5301:81: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone_d, srcdata, 8);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5566:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wx_buf[32];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5579:40: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(dumpvars_state == 1) { wx_len = sprintf(wx_buf, "$end\n"); fstWritex(xc, wx_buf, wx_len); dumpvars_state = 2; }
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5580:42: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wx_len = sprintf(wx_buf, "#%" PRIu64 "\n", time_table[i]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5582:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(!dumpvars_state) { wx_len = sprintf(wx_buf, "$dumpvars\n"); fstWritex(xc, wx_buf, wx_len); dumpvars_state = 1; }
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5627:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcd_id[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5673:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcd_id[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5758:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xc->temp_signal_value_buf, vdata, len);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5778:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5827:65: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone_d, srcdata, 8);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5838:57: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)xc->temp_signal_value_buf, "%.16g", d);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5846:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wx_buf[32];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5852:65: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone_d, srcdata, 8);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5864:66: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wx_len = sprintf(wx_buf, "r%.16g", d);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5872:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vcd_id[16];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5947:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, xc->rvat_frame_data + xc->rvat_sig_offs[facidx], xc->signal_lens[facidx]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5958:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone_d, srcdata, 8);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5970:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)buf, "%.16g", d);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6516:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, vdata, xc->signal_lens[facidx]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6525:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufd[8];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6550:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone_d, srcdata, 8);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6562:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "r%.16g", d);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6709:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem[1];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6746:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chain->mem, mem, length);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6877:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char val[3];
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6941:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int cnt = atoi(csp+1);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:148:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val16, memPtr, 2);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:169:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, 2);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val32, memPtr, 4);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val64, memPtr, 8);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:202:59: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void LZ4_copy4(void* dstPtr, const void* srcPtr) { memcpy(dstPtr, srcPtr, 4); }
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:204:59: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void LZ4_copy8(void* dstPtr, const void* srcPtr) { memcpy(dstPtr, srcPtr, 8); }
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:651:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, anchor, lastRun);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:887:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, anchor, lastRunSize);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:1189:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, ip, length);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:1231:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dictEnd - copySize, copySize);
data/gtkwave-3.3.104/src/helpers/fst/lz4.c:1242:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, lowPrefix, copySize);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:163:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fv = fopen(outname, "wb");
data/gtkwave-3.3.104/src/helpers/fstminer.c:80:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scope_names_2, scope_names, allocated_scopes * sizeof(char *));
data/gtkwave-3.3.104/src/helpers/fstminer.c:117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, fst_scope_name, fst_scope_name_len);
data/gtkwave-3.3.104/src/helpers/fstminer.c:119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + fst_scope_name_len + 1, fac_names[pnt_facidx], fst_signal_name + 1);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:139:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[33];
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:230:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lt->value[idx], lxt2_rd_expand_integer_to_bits(lt->len[idx], x), lt->len[idx]); break;
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:236:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lt->value[idx], lxt2_rd_expand_integer_to_bits(lt->len[idx], x), lt->len[idx]); break;
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:261:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lt->value[idx], b->string_pointers[vch], lt->len[idx]);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:412:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lt->value[idx]+i, b->string_pointers[vch]+i, lt->len[idx]-i);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:438:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lt->value[idx]+i, b->string_pointers[vch]+i-lendelta, lt->len[idx]-i);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:767:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(lt->handle=fopen(name, "rb")))
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:1470:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gzid[2];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:287:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:299:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:312:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:756:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((!name)||(!(lt->handle=fopen(name, "wb"))))
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1023:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1036:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tname, lt->lxtname, i);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1037:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tname+i, "_%03u.lxt", ++lt->break_number);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1040:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(tname, "wb");
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1047:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clone = fopen(lt->lxtname, "rb");
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1593:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[33];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1646:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_buf[32];
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1650:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(d_buf, "%.16g", value);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1829:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vfix, value, s->len);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:2104:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16]; /* To get rid of the warning */
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:2118:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "UNDEF");
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:2193:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lt->zmode, "wb%u", depth);
data/gtkwave-3.3.104/src/helpers/lxt2_write.h:203:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zmode[4]; /* fills in with "wb0".."wb9" */
data/gtkwave-3.3.104/src/helpers/lxt2_write.h:205:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gzdest[LXT2_WR_GZWRITE_BUFFER + 4]; /* enough for zlib buffering */
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:443:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fv = fopen(outname, "wb");
data/gtkwave-3.3.104/src/helpers/lxt_write.c:196:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:208:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:221:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:235:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:290:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:303:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:317:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:332:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:389:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:402:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:416:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:431:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gtkwave-3.3.104/src/helpers/lxt_write.c:750:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(lt->handle=fopen(name, "wb")))
data/gtkwave-3.3.104/src/helpers/lxt_write.c:1645:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[33];
data/gtkwave-3.3.104/src/helpers/scopenav.c:135:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, pnt, len);
data/gtkwave-3.3.104/src/helpers/shmidcat.c:100:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuff[32769];
data/gtkwave-3.3.104/src/helpers/shmidcat.c:218:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_buf[32769];
data/gtkwave-3.3.104/src/helpers/shmidcat.c:221:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[65];
data/gtkwave-3.3.104/src/helpers/shmidcat.c:232:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(argv[1], "rb");
data/gtkwave-3.3.104/src/helpers/shmidcat.c:247:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mapName, "shmidcat%d", shmid);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuff[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:123:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbuff[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:139:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuff2[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:154:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rc, "Upscope:\n");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:198:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vht[2048];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:199:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cname[2048];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:200:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctype[2048];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cstring[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:279:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuff[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:318:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Index[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:515:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(vname, "rb");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:754:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(st);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:760:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int p_hi = atoi(st+1);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:765:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_lo = atoi(p_colon+1);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1010:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cstring[65537];
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1147:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tv = atoi(num);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1384:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin_fixbuff + delta, buf+1, bin_len);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1410:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bin_fixbuff + delta, buf+1, bin_len);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:76:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vcd_hier_delimeter[2]={0, 0}; /* fill in after rc reading code */
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufold[65537], buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:765:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vl[2];
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:775:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vl[2];
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1671:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vcd_handle=fopen(fname,"rb");
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1949:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dodict = atoi(argv[++i]);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:82:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vcd_hier_delimeter[2]={0, 0}; /* fill in after rc reading code */
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufold[65537], buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:770:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vl[2];
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:780:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vl[2];
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1349:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1595:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vcd_handle=fopen(fname,"rb");
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1953:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_depth = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1959:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_maxgranule = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1969:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_partial_mode = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1975:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_checkpoint_disable = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vcd_hier_delimeter[2]={0, 0}; /* fill in after rc reading code */
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufold[65537], buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:772:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vl[2];
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:782:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vl[2];
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1605:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vcd_handle=fopen(fname,"rb");
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1964:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_depth = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1970:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opt_maxgranule = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1992:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ziptype = atoi(optarg);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:449:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fv = fopen(outname, "wb");
data/gtkwave-3.3.104/src/helpers/vzt_read.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[sizeof(vztint32_t)];
data/gtkwave-3.3.104/src/helpers/vzt_read.c:682:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xdrdata[8] = { 0,0,0,0,0,0,0,0 }; /* scan-build */
data/gtkwave-3.3.104/src/helpers/vzt_read.c:712:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, xdrdata, sizeof(double)); /* big endian, don't bytereverse */
data/gtkwave-3.3.104/src/helpers/vzt_read.c:716:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.16g", d);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:743:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gtkwave-3.3.104/src/helpers/vzt_read.c:810:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1342:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cbuf[2] = { 0, 0 };
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1370:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(lt->filename, "rb");
data/gtkwave-3.3.104/src/helpers/vzt_read.c:1681:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(lt->handle=fopen(name, "rb")))
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2039:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbuff, pname, plen);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:359:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/helpers/vzt_write.c:371:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gtkwave-3.3.104/src/helpers/vzt_write.c:384:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gtkwave-3.3.104/src/helpers/vzt_write.c:839:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((!name)||(!(lt->handle=fopen(name, "wb"))))
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1073:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1086:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tname, lt->vztname, i);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1087:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tname+i, "_%03d.vzt", ++lt->break_number);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1090:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(tname, "wb");
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1097:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clone = fopen(lt->vztname, "rb");
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1555:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, lt->timetable, lt->maxgranule * VZT_WR_GRANULE_SIZE * sizeof(vzttime_t));
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1579:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[33];
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1609:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xdrdata[8];
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1650:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xdrdata, &value, sizeof(double)); /* big endian, don't bytereverse */
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1791:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vfix, value, s->len);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1972:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lt->zmode, "wb%d", depth);
data/gtkwave-3.3.104/src/helpers/vzt_write.h:179:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zmode[4]; /* fills in with "wb0".."wb9" */
data/gtkwave-3.3.104/src/helpers/vzt_write.h:188:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gzdest[VZT_WR_GZWRITE_BUFFER + 10]; /* enough for zlib buffering */
data/gtkwave-3.3.104/src/hierpack.c:90:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vli[VLI_SIZE];
data/gtkwave-3.3.104/src/hiersearch.c:64:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "(+) ");
data/gtkwave-3.3.104/src/hiersearch.c:83:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "[] ");
data/gtkwave-3.3.104/src/hiersearch.c:90:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "[] ");
data/gtkwave-3.3.104/src/hiersearch.c:137:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "[] ");
data/gtkwave-3.3.104/src/hiersearch.c:144:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "[] ");
data/gtkwave-3.3.104/src/hiersearch.c:174:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "(+) ");
data/gtkwave-3.3.104/src/hiersearch.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hier_str[2];
data/gtkwave-3.3.104/src/hiersearch.c:514:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/hiersearch.c:635:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/interp.c:38:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(a,b,c) memcpy((b),(a),(c))
data/gtkwave-3.3.104/src/interp.c:38:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(a,b,c) memcpy((b),(a),(c))
data/gtkwave-3.3.104/src/interp.c:124:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy ((char *) ydata, (char *) mat2, n * sizeof (double));
data/gtkwave-3.3.104/src/interp.c:285:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy ((char *) data, (char *) ydata, (degree + 1) * sizeof (double));
data/gtkwave-3.3.104/src/interp.c:286:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy ((char *) oscale, (char *) xdata, (degree + 1) * sizeof (double));
data/gtkwave-3.3.104/src/jrb.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char carray[8];
data/gtkwave-3.3.104/src/jrb.h:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucarray[8];
data/gtkwave-3.3.104/src/libbz2/bzlib.c:1390:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused[BZ_MAX_UNUSED];
data/gtkwave-3.3.104/src/libbz2/bzlib.c:1393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode2[10] = "";
data/gtkwave-3.3.104/src/libbz2/bzlib.c:1425:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path,mode2);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:57:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:75:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:254:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->mem + h->offs, mem, len);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:263:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->mem + h->offs, mem, new_len);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:282:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[2] = {0, 0};
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, h->mem, len);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, h->mem, dstlen);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:386:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, h->mem + h->offs, len);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:393:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, h->mem + h->offs, len);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:401:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, h->mem + h->offs, cpylen);
data/gtkwave-3.3.104/src/libz/crc32.c:143:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("crc32.h", "w");
data/gtkwave-3.3.104/src/libz/example.c:69:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/gtkwave-3.3.104/src/libz/example.c:120:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/gtkwave-3.3.104/src/libz/example.c:214:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/gtkwave-3.3.104/src/libz/example.c:310:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/gtkwave-3.3.104/src/libz/example.c:389:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/gtkwave-3.3.104/src/libz/example.c:470:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/gtkwave-3.3.104/src/libz/gzguts.h:47:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define open _open
data/gtkwave-3.3.104/src/libz/gzlib.c:36:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/gtkwave-3.3.104/src/libz/gzlib.c:65:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "unknown win32 error (%ld)", error);
data/gtkwave-3.3.104/src/libz/gzlib.c:245:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open((const char *)path, oflag, 0666));
data/gtkwave-3.3.104/src/libz/gzlib.c:298:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "<fd:%d>", fd); /* for debugging */
data/gtkwave-3.3.104/src/libz/gzlib.c:615:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state->msg, ": ");
data/gtkwave-3.3.104/src/libz/gzread.c:161:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->x.next, strm->next_in, strm->avail_in);
data/gtkwave-3.3.104/src/libz/gzread.c:325:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, state->x.next, n);
data/gtkwave-3.3.104/src/libz/gzread.c:451:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/libz/gzread.c:591:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, state->x.next, n);
data/gtkwave-3.3.104/src/libz/gzwrite.c:213:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->in + have, buf, copy);
data/gtkwave-3.3.104/src/libz/gzwrite.c:309:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/libz/gzwrite.c:444:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->in, state->in + state->size, left);
data/gtkwave-3.3.104/src/libz/gzwrite.c:543:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->in, state->in + state->size, left);
data/gtkwave-3.3.104/src/libz/inflate.c:640:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hbuf[4]; /* buffer for gzip header crc calculation */
data/gtkwave-3.3.104/src/libz/inflate.c:1405:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4]; /* to restore bit buffer to byte string */
data/gtkwave-3.3.104/src/libz/trees.c:328:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *header = fopen("trees.h", "w");
data/gtkwave-3.3.104/src/libz/zutil.c:13:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
z_const char * const z_errmsg[10] = {
data/gtkwave-3.3.104/src/libz/zutil.h:49:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/gtkwave-3.3.104/src/libz/zutil.h:109:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/gtkwave-3.3.104/src/libz/zutil.h:202:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define F_OPEN(name, mode) fopen((name), (mode))
data/gtkwave-3.3.104/src/libz/zutil.h:226:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define zmemcpy memcpy
data/gtkwave-3.3.104/src/logfile.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_text[1];
data/gtkwave-3.3.104/src/logfile.c:410:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(default_text, "rb");
data/gtkwave-3.3.104/src/logfile.c:524:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt2, w->text, len);
data/gtkwave-3.3.104/src/logfile.c:566:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = fopen(default_text, "rb");
data/gtkwave-3.3.104/src/logfile.c:623:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt2, w->text, len);
data/gtkwave-3.3.104/src/lx2.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/lx2.c:469:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, *value, f->len);
data/gtkwave-3.3.104/src/lx2.c:527:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&np->head, &resolve->head, sizeof(struct HistEnt));
data/gtkwave-3.3.104/src/lxt.c:45:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/gtkwave-3.3.104/src/lxt.c:57:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gtkwave-3.3.104/src/lxt.c:70:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/gtkwave-3.3.104/src/lxt.c:84:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gtkwave-3.3.104/src/lxt.c:251:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swapbuf[8];
data/gtkwave-3.3.104/src/lxt.c:255:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(swapbuf, ((unsigned char *)GLOBALS->mm_lxt_c_1+offset), 8);
data/gtkwave-3.3.104/src/lxt.c:356:7: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:414:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:472:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:565:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:638:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:706:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:753:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *tmp = fopen(nam, "wb");
data/gtkwave-3.3.104/src/lxt.c:756:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32768];
data/gtkwave-3.3.104/src/lxt.c:757:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd2 = open(nam, O_RDONLY);
data/gtkwave-3.3.104/src/lxt.c:758:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testbyte[2]={0,0};
data/gtkwave-3.3.104/src/lxt.c:821:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testbyte[2]={0,0};
data/gtkwave-3.3.104/src/lxt.c:828:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmp = tmpfile(); if(!tmp) { fprintf(stderr, LXTHDR"could not open decompression tempfile, exiting.\n"); exit(255); }
data/gtkwave-3.3.104/src/lxt.c:942:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp = fopen(nam, "wb");
data/gtkwave-3.3.104/src/lxt.c:944:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
recfd = open(nam, O_RDONLY);
data/gtkwave-3.3.104/src/lxt.c:1257:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, GLOBALS->dict_string_mem_array_lxt_c_1[dictpos], ld);
data/gtkwave-3.3.104/src/lxt.c:1371:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->fd_lxt_c_1=open(fname, O_RDONLY);
data/gtkwave-3.3.104/src/lxt.c:1556:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/gtkwave-3.3.104/src/lxt.c:1784:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&np->head, &resolve->head, sizeof(struct HistEnt));
data/gtkwave-3.3.104/src/lxt.c:2065:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, parsed, len);
data/gtkwave-3.3.104/src/lxt.c:2205:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, parsed, len);
data/gtkwave-3.3.104/src/lxt.c:2228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&htemp->v.h_double, ((char *)GLOBALS->mm_lxt_c_1+offs_dbl), sizeof(double));
data/gtkwave-3.3.104/src/main.c:97:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[32];
data/gtkwave-3.3.104/src/main.c:446:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%d", getpid());
data/gtkwave-3.3.104/src/main.c:923:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(GLOBALS->loaded_file_name, "-vcd");
data/gtkwave-3.3.104/src/main.c:1092:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
GLOBALS->num_cpus = atoi(optarg);
data/gtkwave-3.3.104/src/main.c:1147:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int pd = atoi(optarg);
data/gtkwave-3.3.104/src/main.c:1179:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pos, "; source ");
data/gtkwave-3.3.104/src/main.c:1356:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_replace = open(output_name, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
data/gtkwave-3.3.104/src/main.c:1414:52: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vcd_save_handle_cached = GLOBALS->vcd_save_handle=fopen(vcd_autosave_name,"wb");
data/gtkwave-3.3.104/src/main.c:1489:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(GLOBALS->loaded_file_name, "rb");
data/gtkwave-3.3.104/src/main.c:1494:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/gtkwave-3.3.104/src/main.c:1590:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sufbuf[5];
data/gtkwave-3.3.104/src/main.c:1591:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sufbuf, GLOBALS->loaded_file_name+strlen(GLOBALS->loaded_file_name)-5, 4);
data/gtkwave-3.3.104/src/main.c:1729:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(wname, ".gtkw");
data/gtkwave-3.3.104/src/main.c:1745:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wave=fopen(wname,"rb");
data/gtkwave-3.3.104/src/main.c:1793:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wave=fopen(wname,"rb");
data/gtkwave-3.3.104/src/main.c:2520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/gtkwave-3.3.104/src/main.c:2522:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", GLOBALS->num_notebook_pages_cumulative);
data/gtkwave-3.3.104/src/main.c:2552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/gtkwave-3.3.104/src/main.c:2556:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Logfile viewer [%d]", which++);
data/gtkwave-3.3.104/src/main.c:2605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[257];
data/gtkwave-3.3.104/src/main.c:2607:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mapName, "twinwave%d", GLOBALS->dual_attach_id_main_c_1);
data/gtkwave-3.3.104/src/main.c:2958:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[257];
data/gtkwave-3.3.104/src/main.c:2968:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mapName, "rtlbrowse%d", shmid);
data/gtkwave-3.3.104/src/main.c:2975:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mylist[257];
data/gtkwave-3.3.104/src/main.c:2977:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mylist, "rtlbrowse.exe %08x", shmid);
data/gtkwave-3.3.104/src/main.c:2981:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->anno_ctx->matchword, WAVE_MATCHWORD, 4);
data/gtkwave-3.3.104/src/main.c:3031:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->anno_ctx->matchword, WAVE_MATCHWORD, 4);
data/gtkwave-3.3.104/src/main.c:3070:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/gtkwave-3.3.104/src/main.c:3074:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%08x", shmid);
data/gtkwave-3.3.104/src/markerbox.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[16];
data/gtkwave-3.3.104/src/markerbox.c:175:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[49];
data/gtkwave-3.3.104/src/markerbox.c:230:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[49];
data/gtkwave-3.3.104/src/markerbox.c:270:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"<None>");
data/gtkwave-3.3.104/src/markerbox.c:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char labtitle[16];
data/gtkwave-3.3.104/src/markerbox.c:380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[49];
data/gtkwave-3.3.104/src/markerbox.c:403:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"<None>");
data/gtkwave-3.3.104/src/menu.c:1071:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gt[32];
data/gtkwave-3.3.104/src/menu.c:1463:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char update_string[128];
data/gtkwave-3.3.104/src/menu.c:1529:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(update_string, "Trace Hier Max Depth is now: %d\n", GLOBALS->hier_max_level);
data/gtkwave-3.3.104/src/menu.c:1556:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char za[32];
data/gtkwave-3.3.104/src/menu.c:1572:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(za,"%d",GLOBALS->hier_max_level);
data/gtkwave-3.3.104/src/menu.c:2276:41: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!pdfpath || !(handle=fopen(pdfpath,"rb")))
data/gtkwave-3.3.104/src/menu.c:2333:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstr[32];
data/gtkwave-3.3.104/src/menu.c:2341:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sstr, "%d", GLOBALS->this_context_page);
data/gtkwave-3.3.104/src/menu.c:2387:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstr[32];
data/gtkwave-3.3.104/src/menu.c:2390:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sstr, "%d", this_page);
data/gtkwave-3.3.104/src/menu.c:2637:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t_end->name, "group_end");
data/gtkwave-3.3.104/src/menu.c:3163:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gtkwave-3.3.104/src/menu.c:3167:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d bits selected, please use <= %d.\n", dirty, BITATTRIBUTES_MAX);
data/gtkwave-3.3.104/src/menu.c:3276:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->attribs+i, ba+i, sizeof(struct BitAttributes));
data/gtkwave-3.3.104/src/menu.c:3280:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->attribs+i, ba+(nodepnt-1-i), sizeof(struct BitAttributes));
data/gtkwave-3.3.104/src/menu.c:3485:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(b->name=(char *)malloc_2(strlen("<Vector>")+1),"<Vector>");
data/gtkwave-3.3.104/src/menu.c:3496:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(b->name=(char *)malloc_2(strlen("<ComplexVector>")+1),"<ComplexVector>");
data/gtkwave-3.3.104/src/menu.c:3548:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nam, namex, offset);
data/gtkwave-3.3.104/src/menu.c:3608:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d][%d]", row, bit);
data/gtkwave-3.3.104/src/menu.c:3612:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d][%d%c%d]", row, bit, sep2d, bit2);
data/gtkwave-3.3.104/src/menu.c:3619:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d%c%d][%d]", row, sep2d, row2, bit);
data/gtkwave-3.3.104/src/menu.c:3623:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d%c%d][%d%c%d]", row, sep2d, row2, bit, sep2d, bit2);
data/gtkwave-3.3.104/src/menu.c:3640:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d][%d]", row, bit);
data/gtkwave-3.3.104/src/menu.c:3644:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d][%d%c%d]", row, bit2, sep2d, bit);
data/gtkwave-3.3.104/src/menu.c:3651:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d%c%d][%d]", row2, sep2d, row, bit);
data/gtkwave-3.3.104/src/menu.c:3655:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nam+offset, "[%d%c%d][%d%c%d]", row2, sep2d, row, bit2, sep2d, bit);
data/gtkwave-3.3.104/src/menu.c:3846:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gtkwave-3.3.104/src/menu.c:3851:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Pattern search ID %d out of range of 1-%d available, ignoring.", (int)(which+1), WAVE_NUM_STRACE_WINDOWS);
data/gtkwave-3.3.104/src/menu.c:3856:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Waveform Display Search (%d)", (int)(which+1));
data/gtkwave-3.3.104/src/menu.c:3984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/gtkwave-3.3.104/src/menu.c:4392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nm_s[32];
data/gtkwave-3.3.104/src/menu.c:4394:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nm_s, "%d", WAVE_NUM_NAMED_MARKERS);
data/gtkwave-3.3.104/src/menu.c:5064:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(*GLOBALS->fileselbox_text,"wb")))
data/gtkwave-3.3.104/src/menu.c:5456:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gt[32];
data/gtkwave-3.3.104/src/menu.c:5468:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gt, "%d", GLOBALS->strace_repeat_count);
data/gtkwave-3.3.104/src/menu.c:5480:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char update_string[128];
data/gtkwave-3.3.104/src/menu.c:5481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timval[40];
data/gtkwave-3.3.104/src/menu.c:5540:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gt[32];
data/gtkwave-3.3.104/src/menu.c:5566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char update_string[128];
data/gtkwave-3.3.104/src/menu.c:5578:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(update_string, "Fetch Size is now: "TTFormat"\n", fw);
data/gtkwave-3.3.104/src/menu.c:5589:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw[32];
data/gtkwave-3.3.104/src/menu.c:5615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char update_string[128];
data/gtkwave-3.3.104/src/menu.c:5638:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(update_string, "Zoom Amount is now: %g\n", f);
data/gtkwave-3.3.104/src/menu.c:5649:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char za[32];
data/gtkwave-3.3.104/src/menu.c:5662:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(za,"%g",(float)(GLOBALS->tims.zoom));
data/gtkwave-3.3.104/src/menu.c:5675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char update_string[128];
data/gtkwave-3.3.104/src/menu.c:5696:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(update_string, "Zoom Base is now: %g\n", za);
data/gtkwave-3.3.104/src/menu.c:5707:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char za[32];
data/gtkwave-3.3.104/src/menu.c:5720:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(za,"%g",GLOBALS->zoombase);
data/gtkwave-3.3.104/src/menu.c:6016:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(ftest = fopen(fname, "rb")))
data/gtkwave-3.3.104/src/menu.c:6054:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[32];
data/gtkwave-3.3.104/src/menu.c:6094:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "+%d", lineno);
data/gtkwave-3.3.104/src/menu.c:6867:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int shamt = GLOBALS->entrybox_text ? atoi(GLOBALS->entrybox_text) : 0;
data/gtkwave-3.3.104/src/menu.c:8543:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tcl_cmd, "source {");
data/gtkwave-3.3.104/src/menu.c:8987:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[1024];
data/gtkwave-3.3.104/src/mouseover.c:92:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int ln = sprintf(ch+pos, "s(%d)", t->t_fpdecshift);
data/gtkwave-3.3.104/src/mouseover.c:277:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flag_string[65];
data/gtkwave-3.3.104/src/mouseover.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flagged_name, t->name, name_charlen);
data/gtkwave-3.3.104/src/mouseover.c:328:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(alternate_name, "...");
data/gtkwave-3.3.104/src/mouseover.c:340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char breakbuf[MOUSEOVER_BREAKSIZE+1];
data/gtkwave-3.3.104/src/mouseover.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char breakbuf[MOUSEOVER_BREAKSIZE+1];
data/gtkwave-3.3.104/src/mouseover_sigs.c:118:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int ln = sprintf(ch+pos, "s(%d)", t->t_fpdecshift);
data/gtkwave-3.3.104/src/mouseover_sigs.c:319:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flag_string[65];
data/gtkwave-3.3.104/src/mouseover_sigs.c:362:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flagged_name, tname, name_charlen);
data/gtkwave-3.3.104/src/mouseover_sigs.c:371:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(alternate_name, "...");
data/gtkwave-3.3.104/src/mouseover_sigs.c:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char breakbuf[MOUSEOVER_BREAKSIZE+1];
data/gtkwave-3.3.104/src/mouseover_sigs.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char breakbuf[MOUSEOVER_BREAKSIZE+1];
data/gtkwave-3.3.104/src/print.c:583:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/gtkwave-3.3.104/src/print.c:698:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts, tscan, sizeof(TraceEnt));
data/gtkwave-3.3.104/src/print.c:979:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuff[32];
data/gtkwave-3.3.104/src/print.c:1176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuff[16];
data/gtkwave-3.3.104/src/print.c:1304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier_str[2];
data/gtkwave-3.3.104/src/print.c:3161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/gtkwave-3.3.104/src/ptranslate.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exec_name[1025];
data/gtkwave-3.3.104/src/ptranslate.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_path [1025];
data/gtkwave-3.3.104/src/rc.c:1117:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((override_rc)&&((handle=fopen(override_rc,"rb"))))
data/gtkwave-3.3.104/src/rc.c:1124:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(handle=fopen(rcname,"rb")))
data/gtkwave-3.3.104/src/rc.c:1135:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(handle=fopen(rcpath,"rb")))
data/gtkwave-3.3.104/src/rc.c:1152:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!rcpath || !(handle=fopen(rcpath,"rb")))
data/gtkwave-3.3.104/src/rc.c:1177:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(handle=fopen(rcname,"rb"))) /* no concept of ~ in win32 */
data/gtkwave-3.3.104/src/rc.c:1192:41: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((home == NULL) || (!(handle=fopen(rcpath,"rb")))) {
data/gtkwave-3.3.104/src/regex.c:33:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(a,b,c) memcpy((b),(a),(c))
data/gtkwave-3.3.104/src/regex.c:33:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(a,b,c) memcpy((b),(a),(c))
data/gtkwave-3.3.104/src/renderopt.c:93:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(*GLOBALS->fileselbox_text,"wb")))
data/gtkwave-3.3.104/src/renderopt.c:120:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(*GLOBALS->fileselbox_text,"wb")))
data/gtkwave-3.3.104/src/renderopt.c:139:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zname+len, ".ps");
data/gtkwave-3.3.104/src/renderopt.c:141:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave2=fopen(zname,"wb")))
data/gtkwave-3.3.104/src/renderopt.c:194:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(*GLOBALS->fileselbox_text,"wb")))
data/gtkwave-3.3.104/src/renderopt.c:267:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(wave=fopen(save_tmpfilename, "r+b")))
data/gtkwave-3.3.104/src/savefile.c:45:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fdf, "rb");
data/gtkwave-3.3.104/src/savefile.c:57:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dfn, "rb");
data/gtkwave-3.3.104/src/savefile.c:201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[16];
data/gtkwave-3.3.104/src/savefile.c:632:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fdf, "rb");
data/gtkwave-3.3.104/src/savefile.c:645:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dfn, "rb");
data/gtkwave-3.3.104/src/savefile.c:672:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str,"zcat ");
data/gtkwave-3.3.104/src/savefile.c:679:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wave=fopen(wname,"rb");
data/gtkwave-3.3.104/src/savefile.c:816:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wave=fopen(wname,"rb");
data/gtkwave-3.3.104/src/savefile.c:924:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msb = atoi(msbs);
data/gtkwave-3.3.104/src/savefile.c:925:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lsb = atoi(lsbs);
data/gtkwave-3.3.104/src/savefile.c:1153:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nexp = ExtractNodeSingleBit(&s->n[rows], atoi(suffix+1));
data/gtkwave-3.3.104/src/savefile.c:1174:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bval = atoi(suffix+1);
data/gtkwave-3.3.104/src/savefile.c:1177:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msi = atoi(lp+1);
data/gtkwave-3.3.104/src/savefile.c:1178:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lsi = atoi(colon+1);
data/gtkwave-3.3.104/src/savefile.c:1862:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wild,str,len);
data/gtkwave-3.3.104/src/savefile.c:1911:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wild,str,len);
data/gtkwave-3.3.104/src/savefile.c:2113:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bval = atoi(suffix+1);
data/gtkwave-3.3.104/src/savefile.c:2116:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msi = atoi(lp+1);
data/gtkwave-3.3.104/src/savefile.c:2117:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lsi = atoi(colon+1);
data/gtkwave-3.3.104/src/savefile.c:2294:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char relativeFilename[MAX_FILENAME_LEN+1];
data/gtkwave-3.3.104/src/savefile.c:2617:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fdf, "rb");
data/gtkwave-3.3.104/src/savefile.c:2629:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dfn, "rb");
data/gtkwave-3.3.104/src/search.c:278:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/search.c:428:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/search.c:791:39: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(GLOBALS->regex_which_search_c_1<2) strcpy(entry_suffixed, "\\<"); /* match on word boundary */
data/gtkwave-3.3.104/src/search.c:848:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s,"[] ");
data/gtkwave-3.3.104/src/search.c:855:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s,"[] ");
data/gtkwave-3.3.104/src/search.c:894:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/gtkwave-3.3.104/src/search.c:895:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Limiting results to first %d entries.", GLOBALS->num_rows_search_c_2);
data/gtkwave-3.3.104/src/signalwindow.c:909:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qn_2, "...");
data/gtkwave-3.3.104/src/signalwindow.c:1027:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t_trans, tscan, sizeof(TraceEnt)); /* substitute into a synthetic trace */
data/gtkwave-3.3.104/src/status.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gtkwave-3.3.104/src/status.c:101:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"[%d] facilities found.\n",GLOBALS->numfacs);
data/gtkwave-3.3.104/src/status.c:108:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"[%d] regions found.\n",GLOBALS->regions);
data/gtkwave-3.3.104/src/status.c:116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Regions formed on demand.\n");
data/gtkwave-3.3.104/src/status.c:120:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Regions loaded on demand.\n");
data/gtkwave-3.3.104/src/strace.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *stype[WAVE_STYPE_COUNT]=
data/gtkwave-3.3.104/src/strace.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mark_count_buf[64];
data/gtkwave-3.3.104/src/strace.c:369:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (mark_count_buf, "Mark Count: %d", GLOBALS->strace_ctx->timearray_size);
data/gtkwave-3.3.104/src/strace.c:792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/gtkwave-3.3.104/src/strace.c:1158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/gtkwave-3.3.104/src/strace.c:1460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notused[129];
data/gtkwave-3.3.104/src/strace.c:1472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char notused[129];
data/gtkwave-3.3.104/src/strace.c:1535:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logical_mutex_temp[6];
data/gtkwave-3.3.104/src/strace.c:1542:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(logical_mutex_temp, GLOBALS->strace_ctx->logical_mutex, 6);
data/gtkwave-3.3.104/src/strace.c:1543:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->strace_ctx->logical_mutex, GLOBALS->strace_ctx->shadow_logical_mutex, 6);
data/gtkwave-3.3.104/src/strace.c:1544:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(GLOBALS->strace_ctx->shadow_logical_mutex, logical_mutex_temp, 6);
data/gtkwave-3.3.104/src/strace.c:1608:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[65537];
data/gtkwave-3.3.104/src/strace.h:105:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logical_mutex[6];
data/gtkwave-3.3.104/src/strace.h:106:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shadow_logical_mutex[6];
data/gtkwave-3.3.104/src/symbol.c:342:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s2, s, len);
data/gtkwave-3.3.104/src/symbol.c:343:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s2+len, "[0]"); /* bluespec vs modelsim */
data/gtkwave-3.3.104/src/tcl_commands.c:60:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[1024];
data/gtkwave-3.3.104/src/tcl_commands.c:88:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:90:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", intVal);
data/gtkwave-3.3.104/src/tcl_commands.c:105:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[65];
data/gtkwave-3.3.104/src/tcl_commands.c:122:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[65];
data/gtkwave-3.3.104/src/tcl_commands.c:139:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[65];
data/gtkwave-3.3.104/src/tcl_commands.c:141:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%e", dVal);
data/gtkwave-3.3.104/src/tcl_commands.c:231:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:260:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:300:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:346:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:402:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[2];
data/gtkwave-3.3.104/src/tcl_commands.c:521:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:591:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:629:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:660:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:757:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(sv);
data/gtkwave-3.3.104/src/tcl_commands.c:954:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timval[40];
data/gtkwave-3.3.104/src/tcl_commands.c:1103:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:1144:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int target = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:1173:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1197:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", l);
data/gtkwave-3.3.104/src/tcl_commands.c:1216:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1255:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", num_found);
data/gtkwave-3.3.104/src/tcl_commands.c:1266:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1289:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", num_found);
data/gtkwave-3.3.104/src/tcl_commands.c:1301:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1380:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", num_found);
data/gtkwave-3.3.104/src/tcl_commands.c:1392:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1467:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", num_found);
data/gtkwave-3.3.104/src/tcl_commands.c:1479:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1533:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", num_found);
data/gtkwave-3.3.104/src/tcl_commands.c:1545:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[33];
data/gtkwave-3.3.104/src/tcl_commands.c:1599:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reportString, "%d", num_found);
data/gtkwave-3.3.104/src/tcl_commands.c:1613:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:1656:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:1751:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_elements = atoi(str1_p) ;
data/gtkwave-3.3.104/src/tcl_commands.c:2127:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int tabnum = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:2163:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:2216:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_commands.c:2252:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int which = atoi(s);
data/gtkwave-3.3.104/src/tcl_helper.c:789:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim_str[2];
data/gtkwave-3.3.104/src/tcl_helper.c:1032:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid_t pid = atoi(gdirect[2]);
data/gtkwave-3.3.104/src/tcl_helper.c:1069:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->tcache_treesearch_gtk2_c_2,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/tcl_helper.c:1172:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(entry_suffixed, "\\<");
data/gtkwave-3.3.104/src/tcl_helper.c:1202:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(entry_suffixed, "\\<");
data/gtkwave-3.3.104/src/tcl_helper.c:1267:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->tcache_treesearch_gtk2_c_2,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/tcl_helper.c:1281:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int bit_msb = atoi(most_recent_lbrack_list[ii]+1 + (match_type_list[ii] == 3)); /* == 3 for adjustment when lbrack is escaped */
data/gtkwave-3.3.104/src/tcl_helper.c:1304:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bit_lsb = atoi(most_recent_colon_list[ii]+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1429:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstr[257];
data/gtkwave-3.3.104/src/tcl_helper.c:1431:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pidstr, "{gtkwave PID %d} ", getpid());
data/gtkwave-3.3.104/src/tcl_helper.c:1435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mrkbuf[128];
data/gtkwave-3.3.104/src/tcl_helper.c:1540:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rpnt, "{netBus ");
data/gtkwave-3.3.104/src/tcl_helper.c:1549:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rpnt, "{net ");
data/gtkwave-3.3.104/src/tcl_helper.c:1578:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pnt2 + tcllist_len, "} ");
data/gtkwave-3.3.104/src/tcl_helper.c:1769:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char xfwd[AN_COUNT]= AN_NORMAL;
data/gtkwave-3.3.104/src/tcl_helper.c:1770:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trace_val_vec_single[2] = { 0, 0 };
data/gtkwave-3.3.104/src/tcl_helper.c:1828:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int lidx = atoi(pl+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1833:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ridx = atoi(pr+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1888:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+strlen(str), "[%d]", which);
data/gtkwave-3.3.104/src/tcl_helper.c:1949:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+strlen(str), "[%d]", which);
data/gtkwave-3.3.104/src/tcl_helper.c:2349:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *av[1];
data/gtkwave-3.3.104/src/tcl_helper.c:2360:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mult_entry, hdr, hdr_len);
data/gtkwave-3.3.104/src/tcl_helper.c:2361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mult_entry + hdr_len, zm, zm_len);
data/gtkwave-3.3.104/src/tcl_helper.c:2362:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mult_entry + hdr_len + zm_len, "} ");
data/gtkwave-3.3.104/src/tcl_helper.c:2451:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(s, "rb");
data/gtkwave-3.3.104/src/tcl_helper.c:2755:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_timeout_add(atoi(tv), setvar_timer, arg);
data/gtkwave-3.3.104/src/tcl_helper.c:2769:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_timeout_add(atoi(WAVE_TCLCB_TIMER_PERIOD_INIT), setvar_timer, (gpointer)interp);
data/gtkwave-3.3.104/src/tcl_helper.c:2783:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reportString[1024];
data/gtkwave-3.3.104/src/tcl_helper.c:2784:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char menuItem[512];
data/gtkwave-3.3.104/src/tcl_helper.c:2880:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tcl_cmd, "source {");
data/gtkwave-3.3.104/src/tcl_helper.c:2922:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commandName[128];
data/gtkwave-3.3.104/src/tcl_helper.c:2934:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(commandName, "gtkwave::");
data/gtkwave-3.3.104/src/tcl_helper.c:3005:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tcl_cmd, "source {");
data/gtkwave-3.3.104/src/tcl_helper.c:3067:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commandName[32768];
data/gtkwave-3.3.104/src/tcl_helper.c:3124:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(commandName, "gtkwave::");
data/gtkwave-3.3.104/src/tcl_helper.c:3159:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(GLOBALS->repscript_name, "rb");
data/gtkwave-3.3.104/src/tcl_np.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char defaultLibraryDir[sizeof(LIB_RUNTIME_DIR)+200] = LIB_RUNTIME_DIR;
data/gtkwave-3.3.104/src/tcl_np.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *envdll, libname[MAX_PATH];
data/gtkwave-3.3.104/src/tcl_np.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH], *p ;
data/gtkwave-3.3.104/src/tcl_np.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(libname, envdll, MAX_PATH);
data/gtkwave-3.3.104/src/tcl_np.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH], vers[MAX_PATH];
data/gtkwave-3.3.104/src/tcl_np.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *envdll, libname[MAX_PATH + 128];
data/gtkwave-3.3.104/src/tcl_np.c:299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH], *p ;
data/gtkwave-3.3.104/src/tcl_np.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(libname, envdll, MAX_PATH);
data/gtkwave-3.3.104/src/tcl_np.c:399:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dllName[MAX_PATH] = "";
data/gtkwave-3.3.104/src/tcl_support_commands.c:534:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *s, s1[1024] ;
data/gtkwave-3.3.104/src/timeentry.c:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[40];
data/gtkwave-3.3.104/src/timeentry.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromstr[40];
data/gtkwave-3.3.104/src/timeentry.c:94:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tostr[40];
data/gtkwave-3.3.104/src/timeentry.c:134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromstr[32], tostr[32];
data/gtkwave-3.3.104/src/translate.c:185:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(name, "rb");
data/gtkwave-3.3.104/src/tree.c:148:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2048];
data/gtkwave-3.3.104/src/tree.c:414:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "[] ");
data/gtkwave-3.3.104/src/tree.c:421:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmp, "[] ");
data/gtkwave-3.3.104/src/tree.c:701:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2048];
data/gtkwave-3.3.104/src/tree.c:800:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nt->name, GLOBALS->module_tree_c_1, GLOBALS->module_len_tree_c_1);
data/gtkwave-3.3.104/src/tree.c:840:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nt->name, GLOBALS->module_tree_c_1, GLOBALS->module_len_tree_c_1);
data/gtkwave-3.3.104/src/tree.c:866:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nt->name, GLOBALS->module_tree_c_1, GLOBALS->module_len_tree_c_1);
data/gtkwave-3.3.104/src/tree.c:1055:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(GLOBALS->sst_exclude_filename, "rb");
data/gtkwave-3.3.104/src/tree_component.c:36:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, Index, slen+1);
data/gtkwave-3.3.104/src/tree_component.c:89:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, Index, slen+1);
data/gtkwave-3.3.104/src/treesearch_gtk1.c:309:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/treesearch_gtk1.c:426:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/treesearch_gtk2.c:202:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s,"[] ");
data/gtkwave-3.3.104/src/treesearch_gtk2.c:211:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s,"[] ");
data/gtkwave-3.3.104/src/treesearch_gtk2.c:425:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hier_suffix[2];
data/gtkwave-3.3.104/src/treesearch_gtk2.c:614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hier_suffix[2];
data/gtkwave-3.3.104/src/treesearch_gtk2.c:1114:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->tcache_treesearch_gtk2_c_2,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2115:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt, text, textlen);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2116:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pnt + textlen, text2, text2len);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2457:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2573:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tcache,&GLOBALS->traces,sizeof(Traces));
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2752:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recwarn[128];
data/gtkwave-3.3.104/src/ttranslate.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exec_name[1025];
data/gtkwave-3.3.104/src/ttranslate.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_path [1025];
data/gtkwave-3.3.104/src/ttranslate.c:659:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1025];
data/gtkwave-3.3.104/src/twinwave.c:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[257], buf2[257];
data/gtkwave-3.3.104/src/twinwave.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[65];
data/gtkwave-3.3.104/src/twinwave.c:159:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mapName, "twinwave%d", shmid);
data/gtkwave-3.3.104/src/twinwave.c:168:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dual_ctx[0].matchword, DUAL_MATCHWORD, 4);
data/gtkwave-3.3.104/src/twinwave.c:169:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dual_ctx[1].matchword, DUAL_MATCHWORD, 4);
data/gtkwave-3.3.104/src/twinwave.c:185:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0+%08X", shmid);
data/gtkwave-3.3.104/src/twinwave.c:187:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", gtk_socket_get_id (GTK_SOCKET(xsocket[0])));
data/gtkwave-3.3.104/src/twinwave.c:189:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", 0);
data/gtkwave-3.3.104/src/twinwave.c:256:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "1+%08X", shmid);
data/gtkwave-3.3.104/src/twinwave.c:258:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", gtk_socket_get_id (GTK_SOCKET(xsocket[1])));
data/gtkwave-3.3.104/src/twinwave.c:260:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", 0);
data/gtkwave-3.3.104/src/twinwave.c:351:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dual_ctx[0].matchword, DUAL_MATCHWORD, 4);
data/gtkwave-3.3.104/src/twinwave.c:352:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dual_ctx[1].matchword, DUAL_MATCHWORD, 4);
data/gtkwave-3.3.104/src/twinwave.c:406:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "0+%08X", shmid);
data/gtkwave-3.3.104/src/twinwave.c:410:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", gtk_socket_get_id (GTK_SOCKET(xsocket[0])));
data/gtkwave-3.3.104/src/twinwave.c:415:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", 0);
data/gtkwave-3.3.104/src/twinwave.c:442:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "1+%08X", shmid);
data/gtkwave-3.3.104/src/twinwave.c:446:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", gtk_socket_get_id (GTK_SOCKET(xsocket[1])));
data/gtkwave-3.3.104/src/twinwave.c:451:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", 0);
data/gtkwave-3.3.104/src/vcd.c:2243:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen,"%d",msi);
data/gtkwave-3.3.104/src/vcd.c:2245:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen-1,"[%d]",msi);
data/gtkwave-3.3.104/src/vcd.c:2329:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen-1,"[%d:%d]",v->msi,v->lsi);
data/gtkwave-3.3.104/src/vcd.c:2636:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->vcd_handle_vcd_c_1=fopen(fname,"rb");
data/gtkwave-3.3.104/src/vcd_partial.c:2085:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen,"%d",msi);
data/gtkwave-3.3.104/src/vcd_partial.c:2087:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen-1,"[%d]",msi);
data/gtkwave-3.3.104/src/vcd_partial.c:2171:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen-1,"[%d:%d]",v->msi,v->lsi);
data/gtkwave-3.3.104/src/vcd_partial.c:2346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sEnv[128];
data/gtkwave-3.3.104/src/vcd_partial.c:2369:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[257];
data/gtkwave-3.3.104/src/vcd_partial.c:2371:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mapName, "shmidcat%d", shmid);
data/gtkwave-3.3.104/src/vcd_recoder.c:312:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[33];
data/gtkwave-3.3.104/src/vcd_recoder.c:2478:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen,"%d",msi);
data/gtkwave-3.3.104/src/vcd_recoder.c:2480:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen-1,"[%d]",msi);
data/gtkwave-3.3.104/src/vcd_recoder.c:2565:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str+slen-1,"[%d:%d]",v->msi,v->lsi);
data/gtkwave-3.3.104/src/vcd_recoder.c:2777:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->vlist_handle = fopen(ffname, "rb");
data/gtkwave-3.3.104/src/vcd_recoder.c:2826:39: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->vcd_handle_vcd_recoder_c_2=fopen(fname,"rb");
data/gtkwave-3.3.104/src/vcd_recoder.c:3018:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arr[5];
data/gtkwave-3.3.104/src/vcd_recoder.c:3219:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vector + (len - dst_len), sbuf, dst_len);
data/gtkwave-3.3.104/src/vcd_recoder.c:3223:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vector, sbuf, len);
data/gtkwave-3.3.104/src/vcd_saver.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16385];
data/gtkwave-3.3.104/src/vcd_saver.c:108:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pnt, "%d", value);
data/gtkwave-3.3.104/src/vcd_saver.c:389:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->f_vcd_saver_c_1 = fopen(fname, "wb");
data/gtkwave-3.3.104/src/vcd_saver.c:607:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msi = lsi = atoi(netname + strand_idx + 1);
data/gtkwave-3.3.104/src/vcd_saver.c:984:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, pnt, len);
data/gtkwave-3.3.104/src/vcd_saver.c:1570:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->f_vcd_saver_c_1 = fopen(fname, "wb");
data/gtkwave-3.3.104/src/vlist.c:39:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->vlist_handle = fopen(fname, "w+b");
data/gtkwave-3.3.104/src/vlist.c:49:26: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
GLOBALS->vlist_handle = tmpfile();
data/gtkwave-3.3.104/src/vlist.c:56:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GLOBALS->vlist_handle = fopen(nam, "w+b");
data/gtkwave-3.3.104/src/vlist.c:138:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem[ 4 * sizeof(long) * 2];
data/gtkwave-3.3.104/src/vlist.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vz, v, sizeof(struct vlist_t));
data/gtkwave-3.3.104/src/vlist.c:259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ipnt[1], dmem, destlen);
data/gtkwave-3.3.104/src/vlist.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vrebuild, &vhdr, sizeof(struct vlist_t));
data/gtkwave-3.3.104/src/vlist.c:342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vz, vl, sizeof(struct vlist_t));
data/gtkwave-3.3.104/src/vlist.c:466:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v2, vl, sizeof(struct vlist_t) + (vl->siz/2 * vl->elem_siz));
data/gtkwave-3.3.104/src/vlist.c:522:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v2, vl, sizeof(struct vlist_t) + (vl->siz/2 /* * vl->elem_siz */)); /* scan-build */
data/gtkwave-3.3.104/src/vlist.c:536:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w, vl, rsiz);
data/gtkwave-3.3.104/src/vlist.c:627:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2 * sizeof(int)];
data/gtkwave-3.3.104/src/vlist.h:42:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[WAVE_ZIVWRAP];
data/gtkwave-3.3.104/src/vzt.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65537];
data/gtkwave-3.3.104/src/vzt.c:471:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(htemp->v.h_vector, *value, f->len);
data/gtkwave-3.3.104/src/vzt.c:529:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&np->head, &resolve->head, sizeof(struct HistEnt));
data/gtkwave-3.3.104/src/wavewindow.c:422:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t_trans, tscan, sizeof(TraceEnt)); /* substitute into a synthetic trace */
data/gtkwave-3.3.104/src/wavewindow.c:564:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuff[16];
data/gtkwave-3.3.104/src/wavewindow.c:1734:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->gccache, &GLOBALS->gc, sizeof(struct wave_gcmaster_t));
data/gtkwave-3.3.104/src/wavewindow.c:1836:1: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->gc, &GLOBALS->gccache, sizeof(struct wave_gcmaster_t));
data/gtkwave-3.3.104/src/wavewindow.c:2057:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ptr, "{%d}", t->n.nd->this_row);
data/gtkwave-3.3.104/src/wavewindow.c:2069:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(pch) {memcpy (pch,"[+]", 3); }
data/gtkwave-3.3.104/src/wavewindow.c:2072:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(pch) {memcpy (pch,"[-]", 3); }
data/gtkwave-3.3.104/src/wavewindow.c:2083:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, "} ");
data/gtkwave-3.3.104/src/wavewindow.c:2094:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, " {}");
data/gtkwave-3.3.104/src/wavewindow.c:2098:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, " {");
data/gtkwave-3.3.104/src/wavewindow.c:2112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/gtkwave-3.3.104/src/wavewindow.c:2245:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/gtkwave-3.3.104/src/wavewindow.c:2342:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts, tscan, sizeof(TraceEnt));
data/gtkwave-3.3.104/src/wavewindow.c:2623:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts, tscan, sizeof(TraceEnt));
data/gtkwave-3.3.104/src/wavewindow.c:2828:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuff[32];
data/gtkwave-3.3.104/src/wavewindow.c:3026:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gc_sav, &GLOBALS->gc, sizeof(struct wave_gcmaster_t));
data/gtkwave-3.3.104/src/wavewindow.c:3039:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&GLOBALS->gc, gc_sav, sizeof(struct wave_gcmaster_t));
data/gtkwave-3.3.104/src/wavewindow.c:3197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[32];
data/gtkwave-3.3.104/src/wavewindow.c:3198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbuf, "%d", GLOBALS->traces.total);
data/gtkwave-3.3.104/src/wavewindow.c:3218:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier_str[2];
data/gtkwave-3.3.104/contrib/fst_jni/fstAPI.c:633:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/contrib/rtlbrowse/fgetdynamic.c:41:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(handle);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:603:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(P_tmpdir);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:616:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpspace = malloc(len + 1 + strlen(backpath) + 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:642:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:866:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sel && strlen(sel))
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:889:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch = *(sel2 + strlen(sel2) - 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:984:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int title_len = 5 + strlen(ctx->title) + 1;
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1003:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(node->key.s);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1149:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2 = malloc(strlen(t->ctx->which->fullname) + 1 + strlen(s) + 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1149:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2 = malloc(strlen(t->ctx->which->fullname) + 1 + strlen(s) + 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1188:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sel))
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1190:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(sel);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1220:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch = *(sel2 + strlen(sel2) - 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1262:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(sel))
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:1265:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(sel);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2152:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = rc ? strlen(rc) : 0;
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2158:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len+= (rc ? strlen(rc) : 0); /* scan-build : possible null pointer */
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2203:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pfx = malloc((tlen=strlen(title))+1+1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2205:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pfx+tlen, ".");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2318:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = rc ? strlen(rc) : 0;
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2324:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len+=(rc ? strlen(rc) : 0);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2368:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pfx = malloc((tlen=strlen(title))+1+1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2370:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pfx+tlen, ".");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2494:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = rc ? strlen(rc) : 0;
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2501:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len+=(rc ? strlen(rc) : 0);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2556:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pfx = malloc((tlen=strlen(title))+1+1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2558:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pfx+tlen, ".");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2600:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pfx = malloc((tlen=strlen(tstr+1))+1+1);
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2602:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pfx+tlen, ".");
data/gtkwave-3.3.104/contrib/rtlbrowse/logfile.c:2732:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(w->text);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:120:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cnl = strlen(compname_build);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:122:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
compname_full = malloc(cnl + 1 + strlen(compname) + 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:136:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt2 = malloc(strlen(txt) + strlen(" [MISSING]") + 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:136:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt2 = malloc(strlen(txt) + strlen(" [MISSING]") + 1);
data/gtkwave-3.3.104/contrib/rtlbrowse/stem_recurse.c:253:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(id);
data/gtkwave-3.3.104/contrib/rtlbrowse/tcl_helper.c:341:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, element, elSize);
data/gtkwave-3.3.104/contrib/rtlbrowse/vlex.c:1013:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(yyin);
data/gtkwave-3.3.104/contrib/rtlbrowse/vlex.c:1132:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/gtkwave-3.3.104/contrib/rtlbrowse/vlex.c:2807:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,strlen(yystr) );
data/gtkwave-3.3.104/contrib/vpi/sys_fst.c:485:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *n2 = malloc(strlen(name) + 64);
data/gtkwave-3.3.104/contrib/wlf2vcd/wlf2vcd.c:386:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hlen = strlen(name);
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:98:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char fl_dup[strlen(fl)+1];
data/gtkwave-3.3.104/contrib/xml2stems/xml2stems.cc:210:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char fl_dup[strlen(fl)+1];
data/gtkwave-3.3.104/examples/transaction.c:326:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(data_curr->name);
data/gtkwave-3.3.104/src/analyzer.c:49:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(pnt);
data/gtkwave-3.3.104/src/analyzer.c:524:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->name_full = alias =(char *)malloc_2(strlen(aliasname)+1);
data/gtkwave-3.3.104/src/baseconvert.c:235:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(os, bigbuf, len);
data/gtkwave-3.3.104/src/baseconvert.c:268:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(os, bigbuf, len);
data/gtkwave-3.3.104/src/baseconvert.c:908:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv=(char *)malloc_2(strlen(s)+1);
data/gtkwave-3.3.104/src/baseconvert.c:1606:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = malloc_2(strlen(GLOBALS->xl_file_filter[t->f_filter]->trans) + 1);
data/gtkwave-3.3.104/src/baseconvert.c:1617:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2a = malloc_2(strlen(s2)+1);
data/gtkwave-3.3.104/src/baseconvert.c:1634:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PPvoid_t pv = JudyHSGet(GLOBALS->xl_enum_filter[filt], s, strlen(s));
data/gtkwave-3.3.104/src/baseconvert.c:1638:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = malloc_2(strlen(*pv) + 1);
data/gtkwave-3.3.104/src/baseconvert.c:1647:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = malloc_2(strlen(GLOBALS->xl_enum_filter[filt]->trans) + 1);
data/gtkwave-3.3.104/src/baseconvert.c:1686:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = fgets(buf, 1024, p->sin) ? strlen(buf) : 0;
data/gtkwave-3.3.104/src/baseconvert.c:1693:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(p->g_hChildStd_IN_Wr, s, strlen(s), &dwWritten, NULL);
data/gtkwave-3.3.104/src/baseconvert.c:1732:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2a = malloc_2(strlen(s2)+1);
data/gtkwave-3.3.104/src/baseconvert.c:1788:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2a = malloc_2(strlen(s2)+1);
data/gtkwave-3.3.104/src/bitvec.c:53:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strcmp(s1, s2)) { s = malloc_2(strlen(s1)+1); strcpy(s, s1); return(s); }
data/gtkwave-3.3.104/src/bitvec.c:315:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_len += strlen(h[i]->v.h_vector);
data/gtkwave-3.3.104/src/bitvec.c:449:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(bitvec->bvname=(char *)malloc_2(strlen(b->name)+1),b->name);
data/gtkwave-3.3.104/src/bitvec.c:524:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(str);
data/gtkwave-3.3.104/src/bitvec.c:652:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ns = malloc_2(strlen(wild+i) + 32);
data/gtkwave-3.3.104/src/bitvec.c:738:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:827:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ns = malloc_2(strlen(wild+i) + 32);
data/gtkwave-3.3.104/src/bitvec.c:907:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:954:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:1053:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:1071:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1=strlen(s1);
data/gtkwave-3.3.104/src/bitvec.c:1078:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2=strlen(s2);
data/gtkwave-3.3.104/src/bitvec.c:1138:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b->name,s1,root1len-1);
data/gtkwave-3.3.104/src/bitvec.c:1166:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b->name,s1,root1len-1);
data/gtkwave-3.3.104/src/bitvec.c:1263:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen(vec)+1),vec);
data/gtkwave-3.3.104/src/bitvec.c:1289:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1=strlen(s1);
data/gtkwave-3.3.104/src/bitvec.c:1296:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2=strlen(s2);
data/gtkwave-3.3.104/src/bitvec.c:1343:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b->name,s1,root1len-1);
data/gtkwave-3.3.104/src/bitvec.c:1358:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b->name,s1,root1len-1);
data/gtkwave-3.3.104/src/bitvec.c:1737:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1=strlen(s1);
data/gtkwave-3.3.104/src/bitvec.c:1744:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2=strlen(s2);
data/gtkwave-3.3.104/src/bitvec.c:1796:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,s1,root1len-1);
data/gtkwave-3.3.104/src/bitvec.c:1824:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,s1,root1len-1);
data/gtkwave-3.3.104/src/bitvec.c:1901:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(namex);
data/gtkwave-3.3.104/src/bitvec.c:2012:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = offset + strlen(nam+offset);
data/gtkwave-3.3.104/src/bitvec.c:2016:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = offset + strlen(nam+offset);
data/gtkwave-3.3.104/src/bitvec.c:2159:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(namex);
data/gtkwave-3.3.104/src/bitvec.c:2274:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = offset + strlen(nam+offset);
data/gtkwave-3.3.104/src/bitvec.c:2278:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = offset + strlen(nam+offset);
data/gtkwave-3.3.104/src/bsearch.c:222:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((maxlen<=0)||(!ascii)||(!(len=strlen(ascii)))) return(NULL);
data/gtkwave-3.3.104/src/bsearch.c:253:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((maxlen<=0)||(!ascii)||(!(len=strlen(ascii)))) return(NULL);
data/gtkwave-3.3.104/src/bsearch.c:289:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!ascii)||(!(len=strlen(ascii)))) return(NULL);
data/gtkwave-3.3.104/src/cocoa/cocoa_misc.c:288:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(*out_text_entry);
data/gtkwave-3.3.104/src/currenttime.c:33:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/gtkwave-3.3.104/src/currenttime.c:58:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "1");
data/gtkwave-3.3.104/src/currenttime.c:65:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(WAVE_SI_UNITS);
data/gtkwave-3.3.104/src/currenttime.c:74:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "s");
data/gtkwave-3.3.104/src/currenttime.c:195:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int compar_len = strlen(compar);
data/gtkwave-3.3.104/src/debug.c:425:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nbytes = strlen(s) + 1;
data/gtkwave-3.3.104/src/debug.c:439:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/src/debug.c:582:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(P_tmpdir);
data/gtkwave-3.3.104/src/debug.c:595:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpspace = malloc_2(len + 1 + strlen(backpath) + 1);
data/gtkwave-3.3.104/src/debug.c:620:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = wave_alloca(strlen(pfx) + strlen(title) + 1);
data/gtkwave-3.3.104/src/debug.c:620:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = wave_alloca(strlen(pfx) + strlen(title) + 1);
data/gtkwave-3.3.104/src/debug.c:630:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = wave_alloca(64 + strlen(title) + 1); /* make extra long */
data/gtkwave-3.3.104/src/debug.c:708:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hdr[0] = fgetc(f);
data/gtkwave-3.3.104/src/debug.c:709:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hdr[1] = fgetc(f);
data/gtkwave-3.3.104/src/debug.c:738:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(fgetc(f) == EOF) goto chk_ex;
data/gtkwave-3.3.104/src/debug.c:744:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e_ch[i] = c = fgetc(f);
data/gtkwave-3.3.104/src/entry.c:51:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(entry_text))) GLOBALS->entrybox_text=NULL;
data/gtkwave-3.3.104/src/entry.c:113:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=strlen(out_text_entry);
data/gtkwave-3.3.104/src/extload.c:624:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocate_and_decorate_module_tree_node(ttype, cname, ctype, strlen(cname), strlen(ctype), 0, 0);
data/gtkwave-3.3.104/src/extload.c:624:94: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
allocate_and_decorate_module_tree_node(ttype, cname, ctype, strlen(cname), strlen(ctype), 0, 0);
data/gtkwave-3.3.104/src/extload.c:665:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fnam);
data/gtkwave-3.3.104/src/extload.c:685:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fnam);
data/gtkwave-3.3.104/src/extload.c:701:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fnam);
data/gtkwave-3.3.104/src/extload.c:730:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fnam);
data/gtkwave-3.3.104/src/extload.c:936:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->extload_hlen = GLOBALS->fst_scope_name ? strlen(GLOBALS->fst_scope_name) : 0;
data/gtkwave-3.3.104/src/extload.c:1280:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fnam);
data/gtkwave-3.3.104/src/extload.c:1311:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen(fnam);
data/gtkwave-3.3.104/src/extload.c:1480:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fsdb_append_graft_chain(strlen(fnam_prev), fnam_prev, i, GLOBALS->extload_npar[i & F_NAME_MODULUS]);
data/gtkwave-3.3.104/src/extload.c:1555:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->extload_hlen = GLOBALS->fst_scope_name ? strlen(GLOBALS->fst_scope_name) : 0;
data/gtkwave-3.3.104/src/extload.c:1987:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(subst))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/extload.c:2129:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = malloc_2(strlen(*value)+1);
data/gtkwave-3.3.104/src/fgetdynamic.c:30:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(handle);
data/gtkwave-3.3.104/src/fgetdynamic.c:68:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s2 = s + strlen(s) - 1;
data/gtkwave-3.3.104/src/fgetdynamic.c:74:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len = strlen(s2)))
data/gtkwave-3.3.104/src/fgetdynamic.c:111:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt = malloc_2(strlen(w->curr->payload)+1);
data/gtkwave-3.3.104/src/file.c:81:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->pFileChooseFilterName = malloc_2(strlen(t) + 1);
data/gtkwave-3.3.104/src/file.c:119:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((alloclen=strlen(allocbuf)))
data/gtkwave-3.3.104/src/file.c:245:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szlen = strlen(szFile);
data/gtkwave-3.3.104/src/file.c:246:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suflen = strlen(suf_str);
data/gtkwave-3.3.104/src/file.c:406:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*GLOBALS->fileselbox_text=(char *)malloc_2(strlen(can)+1);
data/gtkwave-3.3.104/src/file.c:458:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(*filesel_path);
data/gtkwave-3.3.104/src/file.c:551:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((alloclen=strlen(allocbuf)))
data/gtkwave-3.3.104/src/file.c:566:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *suffix = wave_alloca(strlen(pattn) + 1);
data/gtkwave-3.3.104/src/file.c:585:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s) > strlen(suffix))
data/gtkwave-3.3.104/src/file.c:585:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s) > strlen(suffix))
data/gtkwave-3.3.104/src/file.c:587:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strcmp(s + strlen(s) - strlen(suffix), suffix))
data/gtkwave-3.3.104/src/file.c:587:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strcmp(s + strlen(s) - strlen(suffix), suffix))
data/gtkwave-3.3.104/src/file.c:594:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fix_suffix: s2 = malloc_2(strlen(s) + strlen(suffix) + 1);
data/gtkwave-3.3.104/src/file.c:594:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fix_suffix: s2 = malloc_2(strlen(s) + strlen(suffix) + 1);
data/gtkwave-3.3.104/src/fonts.c:198:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = strlen(string) * font->mono_width;
data/gtkwave-3.3.104/src/fonts.c:218:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((GLOBALS->fontname_signals)&&(strlen(GLOBALS->fontname_signals)))
data/gtkwave-3.3.104/src/fonts.c:270:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((GLOBALS->fontname_waves)&&(strlen(GLOBALS->fontname_waves)))
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:747:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(var->name);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:987:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fh.u.scope.name_length = strlen(fh.u.scope.name);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:991:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fh.u.scope.component_length = strlen(fh.u.scope.component);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:1149:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fh.u.var.name_length = strlen(fh.u.var.name);
data/gtkwave-3.3.104/src/fsdb_wrapper_api.cc:1164:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fh.u.scope.name_length = strlen(fh.u.scope.name);
data/gtkwave-3.3.104/src/fst.c:474:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PPvoid_t pv = JudyHSIns(&e, fe->val_arr[ie], strlen(fe->val_arr[ie]), NULL);
data/gtkwave-3.3.104/src/fst.c:1031:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fst_append_graft_chain(strlen(nnam), nnam, i, npar);
data/gtkwave-3.3.104/src/fst.c:1750:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vs = calloc_2(1, strlen(s) + 1); /* will never be as big as original string */
data/gtkwave-3.3.104/src/fst.c:1766:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vslen = strlen(vs);
data/gtkwave-3.3.104/src/gconf.c:627:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ks = wave_alloca(WAVE_GCONF_DIR_LEN + 32 + strlen(key) + 1);
data/gtkwave-3.3.104/src/gconf.c:641:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ks = wave_alloca(WAVE_GCONF_DIR_LEN + 32 + strlen(key) + 1);
data/gtkwave-3.3.104/src/getopt.c:249:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# if (!defined __STDC__ || !__STDC__) && !defined strlen
data/gtkwave-3.3.104/src/getopt.c:252:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extern int strlen (const char *);
data/gtkwave-3.3.104/src/getopt.c:443:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = nonoption_flags_max_len = strlen (orig_str);
data/gtkwave-3.3.104/src/getopt.c:671:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
== (unsigned int) strlen (p->name))
data/gtkwave-3.3.104/src/getopt.c:716:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:782:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:816:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:821:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:1008:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/gtkwave-3.3.104/src/getopt.c:1048:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:1086:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:1118:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/getopt.c:1122:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gtkwave-3.3.104/src/ghw.c:149:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s) - 1;
data/gtkwave-3.3.104/src/ghw.c:359:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(subst))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/ghw.c:421:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = (struct tree *) calloc_2(1, sizeof (struct tree) + strlen(pfx) + 1);
data/gtkwave-3.3.104/src/ghw.c:597:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = (struct tree *) calloc_2(1, sizeof (struct tree) + strlen(pfx) + 1);
data/gtkwave-3.3.104/src/ghw.c:607:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = (struct tree *) calloc_2(1, sizeof (struct tree) + strlen(pfx) + 1);
data/gtkwave-3.3.104/src/ghw.c:669:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (hie->name);
data/gtkwave-3.3.104/src/ghw.c:670:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len = strlen (buf);
data/gtkwave-3.3.104/src/ghw.c:688:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = (struct tree *) calloc_2(1, sizeof (struct tree) + strlen(hie->name) + 1);
data/gtkwave-3.3.104/src/ghw.c:853:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (t->name) + 1;
data/gtkwave-3.3.104/src/ghw.c:1279:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct tree *t = calloc_2(1, sizeof(struct tree) + strlen(base_hier) + 1);
data/gtkwave-3.3.104/src/ghwlib.c:33:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen (decomp) + 1 + strlen(filename) + 1;
data/gtkwave-3.3.104/src/ghwlib.c:33:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen (decomp) + 1 + strlen(filename) + 1;
data/gtkwave-3.3.104/src/ghwlib.c:160:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
v = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:175:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int v = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:195:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int v = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:220:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int v = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:268:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int t = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:398:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:415:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:622:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:824:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc (h->stream) != 0)
data/gtkwave-3.3.104/src/ghwlib.c:845:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:955:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
v = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:964:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
v = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:1049:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
t = fgetc (h->stream);
data/gtkwave-3.3.104/src/ghwlib.c:1570:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, base->en.lits[val->b2], len - 1);
data/gtkwave-3.3.104/src/ghwlib.c:1581:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (buf, base->en.lits[val->e8], len - 1);
data/gtkwave-3.3.104/src/globals.c:1431:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = calloc_2_into_context(g, 1, strlen(o) + 1);
data/gtkwave-3.3.104/src/gnu_regex.c:5560:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = regex_compile (s, strlen (s), re_syntax_options, &re_comp_buf);
data/gtkwave-3.3.104/src/gnu_regex.c:5577:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen (s);
data/gtkwave-3.3.104/src/gnu_regex.c:5674:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = regex_compile (pattern, strlen (pattern), syntax, preg);
data/gtkwave-3.3.104/src/gnu_regex.c:5725:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (string);
data/gtkwave-3.3.104/src/gnu_regex.c:5803:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_size = strlen (msg) + 1; /* Includes the null. */
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:68:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:478:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/evcd2vcd.c:507:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:341:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(__fd, pnt + i, ((__len - i) >= SSIZE_MAX) ? SSIZE_MAX : (__len - i));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:551:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:580:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:610:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:1164:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(nam);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2036:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fnam = (char *)malloc(strlen(xc->filename) + 5 + 1);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2155:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(xc->filename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2219:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(xc->filename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2262:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dat);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2281:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(vers);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2357:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(path);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2611:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(nam);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2711:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xc->hier_file_len += strlen(scopename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2715:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xc->hier_file_len += strlen(scopecomp);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2763:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xc->hier_file_len += strlen(attrname);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2804:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2812:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
literal_lens[i] = strlen(literal_arr[i]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:2815:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val_lens[i] = strlen(val_arr[i]);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3536:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = chl + 1 + strlen(nam);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:3892:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fnam = (char *)malloc(strlen(xc->filename) + 6 + 16 + 32 + 1);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4099:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int tag = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4104:48: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xc->hier.u.scope.typ = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4106:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4114:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4128:47: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xc->hier.u.attr.typ = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4129:51: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xc->hier.u.attr.subtype = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4131:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4189:52: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xc->hier.u.var.direction = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4191:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4318:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int tag = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4322:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
scopetype = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4325:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4330:31: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(fgetc(xc->fh)) { }; /* scopecomp */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4340:36: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
attrtype = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4341:35: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
subtype = fgetc(xc->fh);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4343:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4426:40: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
/* vardir = */ fgetc(xc->fh); /* unused in VCD reader, but need to advance read pointer */
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4428:37: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((ch = fgetc(xc->fh)))
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4524:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sectype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4532:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(xc->filename);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4613:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sectype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4674:38: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4680:38: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4802:60: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xc->blackout_activity[i] = fgetc(xc->f) != 0;
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:4850:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(nam);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5011:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sectype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:5334:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
packtype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6032:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sectype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6057:35: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sectype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6182:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
xc->rvat_packtype = fgetc(xc->f);
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6971:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = fstUtilityEscToBin(NULL, (unsigned char*)et->literal_arr[i], strlen(et->literal_arr[i]));
data/gtkwave-3.3.104/src/helpers/fst/fstapi.c:6982:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newlen = fstUtilityEscToBin(NULL, (unsigned char*)et->val_arr[i], strlen(et->val_arr[i]));
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:102:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fstname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:108:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/fst2vcd.c:137:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fstname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/fstminer.c:114:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fst_scope_name_len = strlen(fst_scope_name);
data/gtkwave-3.3.104/src/helpers/fstminer.c:115:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fst_signal_name = strlen(fac_names[pnt_facidx]);
data/gtkwave-3.3.104/src/helpers/fstminer.c:167:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen((const char *)pnt_value);
data/gtkwave-3.3.104/src/helpers/fstminer.c:298:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/fstminer.c:303:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = malloc((matchlen = strlen(optarg))+1);
data/gtkwave-3.3.104/src/helpers/fstminer.c:308:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = malloc((matchlen = 4*strlen(optarg))+1);
data/gtkwave-3.3.104/src/helpers/fstminer.c:381:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/lxt2_read.c:607:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b->string_lens[i] = strlen(pnt);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:489:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc((s->namlen=strlen(name))+1),name);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:524:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:943:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(name)) > lt->longestname) lt->longestname = len;
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:987:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(alias)) > lt->longestname) lt->longestname = len;
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1018:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(lt->lxtname);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1661:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int vlen = strlen(d_buf)+1;
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1741:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int vlen = strlen(value)+1;
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1810:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valuelen = strlen(value); /* ensure string is proper length */
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:1963:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int vlen = strlen(vpnt)+1;
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:2001:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s->value, value, s->len);
data/gtkwave-3.3.104/src/helpers/lxt2_write.c:2107:26: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmp, "x");
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:225:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:230:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = malloc((matchlen = strlen(optarg))+1);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:235:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = malloc((matchlen = 4*strlen(optarg))+1);
data/gtkwave-3.3.104/src/helpers/lxt2miner.c:301:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:385:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:391:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/lxt2vcd.c:426:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:553:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc((s->namlen=strlen(name))+1),name);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:588:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/gtkwave-3.3.104/src/helpers/lxt_write.c:1321:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(name)) > lt->longestname) lt->longestname = len;
data/gtkwave-3.3.104/src/helpers/lxt_write.c:1364:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(alias)) > lt->longestname) lt->longestname = len;
data/gtkwave-3.3.104/src/helpers/lxt_write.c:1931:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int vlen = strlen(vpnt)+1;
data/gtkwave-3.3.104/src/helpers/lxt_write.c:2610:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int vlen = strlen(vpnt)+1;
data/gtkwave-3.3.104/src/helpers/shmidcat.c:129:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/src/helpers/shmidcat.c:294:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_strlen += strlen(l_buf+buf_strlen);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:444:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sfxlen = strlen(sfx);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:445:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return((strlen(s)>=sfxlen)&&(!strcasecmp(s+strlen(s)-sfxlen,sfx)));
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:445:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return((strlen(s)>=sfxlen)&&(!strcasecmp(s+strlen(s)-sfxlen,sfx)));
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:788:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash = vcdid_hash(st, strlen(st));
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1182:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pnt)) { found = 1; }
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1199:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pnt) > 3) { found = 1; }
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1453:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int p_len = strlen(src);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1483:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash = vcdid_hash(sp+1, strlen(sp+1)); /* nl is no longer good here */
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1627:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ucase_ext, "/");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1632:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ucase_ext, "/");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1637:1: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ucase_ext, "/");
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1641:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(ucase_ext);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1744:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1750:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1802:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vcd2fst.c:1807:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:360:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(vcd_handle);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:369:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(vcd_handle);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:590:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vst=malloc_2(strlen(varsplit)+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:718:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->len=strlen(str);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1523:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(vector);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1656:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(fname)>2)&&(!strcmp(fname+strlen(fname)-3,".gz")))
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1656:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(fname)>2)&&(!strcmp(fname+strlen(fname)-3,".gz")))
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1660:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen=strlen(WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1661:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=(char *)wave_alloca(strlen(fname)+dlen+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt.c:1812:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:365:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(vcd_handle);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:374:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(vcd_handle);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:595:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vst=malloc_2(strlen(varsplit)+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:723:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->len=strlen(str);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1526:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(vector);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1580:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(fname)>2)&&(!strcmp(fname+strlen(fname)-3,".gz")))
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1580:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(fname)>2)&&(!strcmp(fname+strlen(fname)-3,".gz")))
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1584:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen=strlen(WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1585:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=(char *)wave_alloca(strlen(fname)+dlen+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1746:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1942:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:1948:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:2003:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vcd2lxt2.c:2008:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:367:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(vcd_handle);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:376:4: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(vcd_handle);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:597:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vst=malloc_2(strlen(varsplit)+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:725:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->len=strlen(str);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1536:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(vector);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1590:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(fname)>2)&&(!strcmp(fname+strlen(fname)-3,".gz")))
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1590:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(fname)>2)&&(!strcmp(fname+strlen(fname)-3,".gz")))
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1594:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen=strlen(WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1595:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=(char *)wave_alloca(strlen(fname)+dlen+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1754:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1953:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:1959:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:2017:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vname = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vcd2vzt.c:2022:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:388:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:394:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vzt2vcd.c:432:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:443:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt += (strlen(pnt) + 1);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2032:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(pname);
data/gtkwave-3.3.104/src/helpers/vzt_read.c:2046:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen2 = strlen(pname);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:605:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc((s->namlen=strlen(name))+1),name);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:640:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:993:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(name)) > lt->longestname) lt->longestname = len;
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1037:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(alias)) > lt->longestname) lt->longestname = len;
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1068:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(lt->vztname);
data/gtkwave-3.3.104/src/helpers/vzt_write.c:1772:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valuelen = strlen(value); /* ensure string is proper length */
data/gtkwave-3.3.104/src/helpers/vztminer.c:227:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(optarg)+1);
data/gtkwave-3.3.104/src/helpers/vztminer.c:232:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = malloc((matchlen = strlen(optarg))+1);
data/gtkwave-3.3.104/src/helpers/vztminer.c:237:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
match = malloc((matchlen = 4*strlen(optarg))+1);
data/gtkwave-3.3.104/src/helpers/vztminer.c:310:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lxname = malloc(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/hiersearch.c:63:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(t2->name)+5);
data/gtkwave-3.3.104/src/hiersearch.c:82:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(tmp3)+4);
data/gtkwave-3.3.104/src/hiersearch.c:89:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(t2->name)+4);
data/gtkwave-3.3.104/src/hiersearch.c:136:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(tmp3)+4);
data/gtkwave-3.3.104/src/hiersearch.c:143:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(t2->name)+4);
data/gtkwave-3.3.104/src/hiersearch.c:173:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(t2->name)+5);
data/gtkwave-3.3.104/src/hiersearch.c:205:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len+=strlen(tc->label->name);
data/gtkwave-3.3.104/src/hiersearch.c:241:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(entry_text))) GLOBALS->entrybox_text_local_hiersearch_c_1=NULL;
data/gtkwave-3.3.104/src/hiersearch.c:801:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(GLOBALS->entrybox_text_local_hiersearch_c_1))
data/gtkwave-3.3.104/src/libbz2/bzlib.c:908:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Int32 c = fgetc ( f );
data/gtkwave-3.3.104/src/libbz2/bzlib.c:1418:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mode2,"b"); /* binary mode */
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:81:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h->read_cnt += read(h->fd, buf+idx, 1);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:291:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h->read_cnt += read(h->fd, hdr, 2);
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:329:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h->read_cnt += (rc = read(h->fd, h->mem, dstlen));
data/gtkwave-3.3.104/src/liblzma/LzmaLib.c:338:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h->read_cnt += (rc = read(h->fd, h->dmem, srclen));
data/gtkwave-3.3.104/src/libz/example.c:64:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uLong len = (uLong)strlen(hello)+1;
data/gtkwave-3.3.104/src/libz/example.c:94:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(hello)+1;
data/gtkwave-3.3.104/src/libz/example.c:151:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)uncompr) != 7) { /* " hello!" */
data/gtkwave-3.3.104/src/libz/example.c:175:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uLong len = (uLong)strlen(hello)+1;
data/gtkwave-3.3.104/src/libz/example.c:350:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uInt len = (uInt)strlen(hello)+1;
data/gtkwave-3.3.104/src/libz/example.c:449:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c_stream.avail_in = (uInt)strlen(hello)+1;
data/gtkwave-3.3.104/src/libz/gzguts.h:48:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define read _read
data/gtkwave-3.3.104/src/libz/gzlib.c:199:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((const char *)path);
data/gtkwave-3.3.104/src/libz/gzlib.c:605:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
data/gtkwave-3.3.104/src/libz/gzlib.c:605:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
data/gtkwave-3.3.104/src/libz/gzlib.c:611:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
data/gtkwave-3.3.104/src/libz/gzlib.c:611:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
data/gtkwave-3.3.104/src/libz/gzread.c:35:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(state->fd, buf + *have, get);
data/gtkwave-3.3.104/src/libz/gzwrite.c:370:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/gtkwave-3.3.104/src/libz/gzwrite.c:426:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(next);
data/gtkwave-3.3.104/src/libz/gzwrite.c:524:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(next);
data/gtkwave-3.3.104/src/logfile.c:136:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(sel);
data/gtkwave-3.3.104/src/logfile.c:153:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int silen = strlen(WAVE_SI_UNITS);
data/gtkwave-3.3.104/src/logfile.c:216:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(sel);
data/gtkwave-3.3.104/src/logfile.c:236:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int silen = strlen(WAVE_SI_UNITS);
data/gtkwave-3.3.104/src/logfile.c:413:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc_2(strlen(default_text)+128);
data/gtkwave-3.3.104/src/logfile.c:523:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(w->text);
data/gtkwave-3.3.104/src/logfile.c:542:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
log_c = calloc(1, sizeof(struct logfile_instance_t) + strlen(default_text)); /* deliberately not calloc_2, needs to be persistent! */
data/gtkwave-3.3.104/src/logfile.c:569:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc_2(strlen(default_text)+128);
data/gtkwave-3.3.104/src/logfile.c:622:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(w->text);
data/gtkwave-3.3.104/src/lx2.c:93:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(fnam);
data/gtkwave-3.3.104/src/lx2.c:107:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(fnam);
data/gtkwave-3.3.104/src/lx2.c:184:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=malloc_2(strlen(f_name[(i)&F_NAME_MODULUS])+1);
data/gtkwave-3.3.104/src/lx2.c:240:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(GLOBALS->facs[i]->name))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/lx2.c:339:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(subst=GLOBALS->facs[i]->name))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/lx2.c:496:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = malloc_2(strlen(*value)+1);
data/gtkwave-3.3.104/src/lxt.c:376:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt+=(strlen(pnt)+1);
data/gtkwave-3.3.104/src/lxt.c:767:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is_bz2 = (read(GLOBALS->fd_lxt_c_1, &testbyte, 2))&&(testbyte[0]=='B')&&(testbyte[1]=='Z');
data/gtkwave-3.3.104/src/lxt.c:835:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is_bz2 = (read(GLOBALS->fd_lxt_c_1, &testbyte, 2))&&(testbyte[0]=='B')&&(testbyte[1]=='Z');
data/gtkwave-3.3.104/src/lxt.c:1251:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ld = strlen(GLOBALS->dict_string_mem_array_lxt_c_1[dictpos]);
data/gtkwave-3.3.104/src/lxt.c:1624:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=malloc_2(strlen(f_name[i])+1);
data/gtkwave-3.3.104/src/lxt.c:1676:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(subst=GLOBALS->facs[i]->name))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/main.c:243:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(EXTLOAD_SUFFIX);
data/gtkwave-3.3.104/src/main.c:403:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dfile);
data/gtkwave-3.3.104/src/main.c:404:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->ftext_main_main_c_1 = malloc_2(strlen(dfile)+2);
data/gtkwave-3.3.104/src/main.c:409:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(GLOBALS->ftext_main_main_c_1 + len, "/");
data/gtkwave-3.3.104/src/main.c:414:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(GLOBALS->ftext_main_main_c_1 + len, "\\");
data/gtkwave-3.3.104/src/main.c:440:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer = malloc_2(strlen(argv[0])+1+10);
data/gtkwave-3.3.104/src/main.c:443:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = buffer + strlen(buffer);
data/gtkwave-3.3.104/src/main.c:444:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pos, "_");
data/gtkwave-3.3.104/src/main.c:445:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = buffer + strlen(buffer);
data/gtkwave-3.3.104/src/main.c:724:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->whoami=malloc_2(strlen(argv[0])+1); /* cache name in case we fork later */
data/gtkwave-3.3.104/src/main.c:1016:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->loaded_file_name = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1027:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wname = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1033:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
override_rc = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1070:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->skip_start = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1076:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->skip_end = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1083:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->stems_name = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1106:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scriptfile = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1115:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->name = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1141:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->repscript_name = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1164:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(GLOBALS->tcl_init_cmd)+9+strlen(optarg);
data/gtkwave-3.3.104/src/main.c:1164:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = strlen(GLOBALS->tcl_init_cmd)+9+strlen(optarg);
data/gtkwave-3.3.104/src/main.c:1165:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buffer = malloc_2(strlen(GLOBALS->tcl_init_cmd)+1);
data/gtkwave-3.3.104/src/main.c:1170:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = GLOBALS->tcl_init_cmd + strlen(GLOBALS->tcl_init_cmd);
data/gtkwave-3.3.104/src/main.c:1175:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int length = 9+strlen(optarg);
data/gtkwave-3.3.104/src/main.c:1180:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = GLOBALS->tcl_init_cmd + strlen(GLOBALS->tcl_init_cmd);
data/gtkwave-3.3.104/src/main.c:1188:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output_name = malloc_2(strlen(optarg)+1);
data/gtkwave-3.3.104/src/main.c:1226:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->loaded_file_name = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/main.c:1231:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wname = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/main.c:1236:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
override_rc = malloc_2(strlen(argv[optind])+1);
data/gtkwave-3.3.104/src/main.c:1434:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->winname=malloc_2(strlen(winstd)+4+1);
data/gtkwave-3.3.104/src/main.c:1441:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->winname=malloc_2(strlen(GLOBALS->loaded_file_name)+strlen(winprefix)+1);
data/gtkwave-3.3.104/src/main.c:1441:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->winname=malloc_2(strlen(GLOBALS->loaded_file_name)+strlen(winprefix)+1);
data/gtkwave-3.3.104/src/main.c:1447:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->winname=malloc_2(strlen(GLOBALS->loaded_file_name)+strlen(iact)+1);
data/gtkwave-3.3.104/src/main.c:1447:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->winname=malloc_2(strlen(GLOBALS->loaded_file_name)+strlen(iact)+1);
data/gtkwave-3.3.104/src/main.c:1515:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->aet_name = malloc_2(strlen(GLOBALS->loaded_file_name)+1);
data/gtkwave-3.3.104/src/main.c:1532:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->aet_name = malloc_2(strlen(GLOBALS->loaded_file_name)+1);
data/gtkwave-3.3.104/src/main.c:1548:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->aet_name = malloc_2(strlen(GLOBALS->loaded_file_name)+1);
data/gtkwave-3.3.104/src/main.c:1563:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->aet_name = malloc_2(strlen(GLOBALS->loaded_file_name)+1);
data/gtkwave-3.3.104/src/main.c:1588:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(GLOBALS->loaded_file_name)>4) /* case for .aet? type filenames */
data/gtkwave-3.3.104/src/main.c:1591:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(sufbuf, GLOBALS->loaded_file_name+strlen(GLOBALS->loaded_file_name)-5, 4);
data/gtkwave-3.3.104/src/main.c:1597:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->aet_name = malloc_2(strlen(GLOBALS->loaded_file_name)+1);
data/gtkwave-3.3.104/src/main.c:1622:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->unoptimized_vcd_file_name = calloc_2(1,strlen(GLOBALS->loaded_file_name) + 1);
data/gtkwave-3.3.104/src/main.c:1701:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pnt = wave_alloca(strlen(GLOBALS->loaded_file_name) + 1);
data/gtkwave-3.3.104/src/main.c:1705:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(pnt)>2)&&(!strcasecmp(pnt+strlen(pnt)-3,".gz")))
data/gtkwave-3.3.104/src/main.c:1705:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(pnt)>2)&&(!strcasecmp(pnt+strlen(pnt)-3,".gz")))
data/gtkwave-3.3.104/src/main.c:1707:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt[strlen(pnt)-3] = 0x00;
data/gtkwave-3.3.104/src/main.c:1709:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(pnt)>3)&&(!strcasecmp(pnt+strlen(pnt)-4,".zip")))
data/gtkwave-3.3.104/src/main.c:1709:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen(pnt)>3)&&(!strcasecmp(pnt+strlen(pnt)-4,".zip")))
data/gtkwave-3.3.104/src/main.c:1711:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt[strlen(pnt)-4] = 0x00;
data/gtkwave-3.3.104/src/main.c:1714:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pnt2 = pnt + strlen(pnt);
data/gtkwave-3.3.104/src/main.c:1727:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wname = malloc_2(strlen(pnt) + 6);
data/gtkwave-3.3.104/src/main.c:1732:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(((strlen(wname)>2)&&(!strcasecmp(wname+strlen(wname)-3,".gz")))||
data/gtkwave-3.3.104/src/main.c:1732:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(((strlen(wname)>2)&&(!strcasecmp(wname+strlen(wname)-3,".gz")))||
data/gtkwave-3.3.104/src/main.c:1733:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(wname)>3)&&(!strcasecmp(wname+strlen(wname)-4,".zip"))))
data/gtkwave-3.3.104/src/main.c:1733:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen(wname)>3)&&(!strcasecmp(wname+strlen(wname)-4,".zip"))))
data/gtkwave-3.3.104/src/main.c:1736:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen=strlen(WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/main.c:1737:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=wave_alloca(strlen(wname)+dlen+1);
data/gtkwave-3.3.104/src/main.c:1748:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->filesel_writesave = malloc_2(strlen(wname)+1); /* don't handle compressed files */
data/gtkwave-3.3.104/src/main.c:3085:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = realloc_2(res, strlen(res) + strlen(xec) + 1);
data/gtkwave-3.3.104/src/main.c:3085:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = realloc_2(res, strlen(res) + strlen(xec) + 1);
data/gtkwave-3.3.104/src/main.c:3126:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc_2(strlen("vcd") + 4 + 1);
data/gtkwave-3.3.104/src/main.c:3151:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc_2(9 + (strlen(GLOBALS->unoptimized_vcd_file_name) + 1) + (strlen(GLOBALS->unoptimized_vcd_file_name) + 4 + 1));
data/gtkwave-3.3.104/src/main.c:3151:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc_2(9 + (strlen(GLOBALS->unoptimized_vcd_file_name) + 1) + (strlen(GLOBALS->unoptimized_vcd_file_name) + 4 + 1));
data/gtkwave-3.3.104/src/main.c:3155:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = malloc_2(strlen(GLOBALS->unoptimized_vcd_file_name) + 4 + 1);
data/gtkwave-3.3.104/src/main.c:3160:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = malloc_2(strlen(GLOBALS->unoptimized_vcd_file_name) + 4 + 1);
data/gtkwave-3.3.104/src/main.c:3186:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = realloc_2(res, strlen(res) + strlen(xec) + 1);
data/gtkwave-3.3.104/src/main.c:3186:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = realloc_2(res, strlen(res) + strlen(xec) + 1);
data/gtkwave-3.3.104/src/markerbox.c:52:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(so);
data/gtkwave-3.3.104/src/markerbox.c:111:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(entry_text && strlen(entry_text))
data/gtkwave-3.3.104/src/markerbox.c:145:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(entry_text && strlen(entry_text))
data/gtkwave-3.3.104/src/markerbox.c:191:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(entry_text)) goto failure;
data/gtkwave-3.3.104/src/markerbox.c:246:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(entry_text)) goto failure;
data/gtkwave-3.3.104/src/menu.c:2271:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdfpath = (char *)alloca(strlen(rpath) + strlen(suf) + 1);
data/gtkwave-3.3.104/src/menu.c:2271:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdfpath = (char *)alloca(strlen(rpath) + strlen(suf) + 1);
data/gtkwave-3.3.104/src/menu.c:2615:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_begin->name = (char *)malloc_2(1+strlen(name));
data/gtkwave-3.3.104/src/menu.c:2636:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_end->name = (char *)malloc_2(1+strlen("group_end"));
data/gtkwave-3.3.104/src/menu.c:2641:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_end->name = (char *)malloc_2(1+strlen(name));
data/gtkwave-3.3.104/src/menu.c:3059:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->n.vec->bvname = (char *)malloc_2(1+strlen(GLOBALS->entrybox_text));
data/gtkwave-3.3.104/src/menu.c:3485:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen("<Vector>")+1),"<Vector>");
data/gtkwave-3.3.104/src/menu.c:3496:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(strlen("<ComplexVector>")+1),"<ComplexVector>");
data/gtkwave-3.3.104/src/menu.c:3516:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(namex);
data/gtkwave-3.3.104/src/menu.c:3556:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offsety = strlen(namey);
data/gtkwave-3.3.104/src/menu.c:3661:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(b->name=(char *)malloc_2(offset + strlen(nam+offset)+1), nam);
data/gtkwave-3.3.104/src/menu.c:3923:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szCmdline = malloc_2(strlen(GLOBALS->whoami) + 1 + strlen(*GLOBALS->fileselbox_text) + 1);
data/gtkwave-3.3.104/src/menu.c:3923:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szCmdline = malloc_2(strlen(GLOBALS->whoami) + 1 + strlen(*GLOBALS->fileselbox_text) + 1);
data/gtkwave-3.3.104/src/menu.c:4703:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->name_full = (char *)malloc_2(1+strlen(GLOBALS->entrybox_text));
data/gtkwave-3.3.104/src/menu.c:5053:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*GLOBALS->fileselbox_text);
data/gtkwave-3.3.104/src/menu.c:5124:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(GLOBALS->filesel_writesave);
data/gtkwave-3.3.104/src/menu.c:5217:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((fname)&&strlen(fname))
data/gtkwave-3.3.104/src/menu.c:5272:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((fname)&&strlen(fname))
data/gtkwave-3.3.104/src/menu.c:5314:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((fname)&&strlen(fname))
data/gtkwave-3.3.104/src/menu.c:6021:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = strlen(fname);
data/gtkwave-3.3.104/src/menu.c:6030:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname = wave_alloca(strlen(rp) + 1);
data/gtkwave-3.3.104/src/menu.c:8522:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen(name);
data/gtkwave-3.3.104/src/menu.c:8545:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tcl_cmd+8+nlen, "}");
data/gtkwave-3.3.104/src/mouseover.c:295:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_charlen = asciivalue ? strlen(asciivalue) : 0;
data/gtkwave-3.3.104/src/mouseover.c:306:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_clipboard_set_text (clip, t->name, strlen(t->name));
data/gtkwave-3.3.104/src/mouseover.c:314:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_charlen = t->name ? strlen(t->name) : 0;
data/gtkwave-3.3.104/src/mouseover.c:349:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(breakbuf, asciivalue + (i*MOUSEOVER_BREAKSIZE), MOUSEOVER_BREAKSIZE);
data/gtkwave-3.3.104/src/mouseover.c:424:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(breakbuf, asciivalue + (i*MOUSEOVER_BREAKSIZE), MOUSEOVER_BREAKSIZE);
data/gtkwave-3.3.104/src/mouseover_sigs.c:137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(vartype_strings[vartype]);
data/gtkwave-3.3.104/src/mouseover_sigs.c:338:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_charlen = asciivalue ? strlen(asciivalue) : 0;
data/gtkwave-3.3.104/src/mouseover_sigs.c:349:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_clipboard_set_text (clip, t->name, strlen(t->name));
data/gtkwave-3.3.104/src/mouseover_sigs.c:357:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_charlen = tname ? strlen(tname) : 0;
data/gtkwave-3.3.104/src/mouseover_sigs.c:392:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(breakbuf, asciivalue + (i*MOUSEOVER_BREAKSIZE), MOUSEOVER_BREAKSIZE);
data/gtkwave-3.3.104/src/mouseover_sigs.c:466:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(breakbuf, asciivalue + (i*MOUSEOVER_BREAKSIZE), MOUSEOVER_BREAKSIZE);
data/gtkwave-3.3.104/src/pipeio.c:51:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(args) == 0)
data/gtkwave-3.3.104/src/pipeio.c:57:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szCmdline = malloc_2(strlen(execappname) + 1 + strlen(args) + 1);
data/gtkwave-3.3.104/src/pipeio.c:57:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szCmdline = malloc_2(strlen(execappname) + 1 + strlen(args) + 1);
data/gtkwave-3.3.104/src/pipeio.c:137:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!arg)||(strlen(arg) == 0)) {
data/gtkwave-3.3.104/src/pipeio.c:157:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) == 0) {
data/gtkwave-3.3.104/src/print.c:263:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/gtkwave-3.3.104/src/print.c:489:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/gtkwave-3.3.104/src/print.c:665:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numchars = strlen (buf);
data/gtkwave-3.3.104/src/print.c:681:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numchars = strlen (buf);
data/gtkwave-3.3.104/src/print.c:714:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2 = (char *) malloc_2 (strlen (str) + 2);
data/gtkwave-3.3.104/src/print.c:720:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((slen = strlen (str2)) > GLOBALS->ps_maxveclen)
data/gtkwave-3.3.104/src/print.c:803:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2 = (char *) malloc_2 (strlen (str) + 2);
data/gtkwave-3.3.104/src/print.c:810:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (str2)) > GLOBALS->ps_maxveclen)
data/gtkwave-3.3.104/src/print.c:1126:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (timebuff, "0");
data/gtkwave-3.3.104/src/print.c:3232:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxwidth = strlen (buf);
data/gtkwave-3.3.104/src/print.c:3234:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxwidth += strlen (t->asciivalue);
data/gtkwave-3.3.104/src/ptranslate.c:114:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg = name + strlen(exec_name);
data/gtkwave-3.3.104/src/ptranslate.c:122:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) > 0) {
data/gtkwave-3.3.104/src/ptranslate.c:124:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(arg) - 1;
data/gtkwave-3.3.104/src/ptranslate.c:134:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char *)malloc_2(strlen(exec_name)+6+1);
data/gtkwave-3.3.104/src/ptranslate.c:140:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(abs_path) == 0)||(!result))
data/gtkwave-3.3.104/src/ptranslate.c:281:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->procsel_filter[GLOBALS->num_proc_filters] = malloc_2(strlen(*GLOBALS->fileselbox_text) + 1);
data/gtkwave-3.3.104/src/ptranslate.c:471:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->procsel_filter[GLOBALS->num_proc_filters] = malloc_2(strlen(name) + 1);
data/gtkwave-3.3.104/src/rc.c:63:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(str)) { set_wave_menu_accelerator(str); }
data/gtkwave-3.3.104/src/rc.c:72:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(str)) { GLOBALS->alt_hier_delimeter=str[0]; }
data/gtkwave-3.3.104/src/rc.c:287:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->fontname_logfile=(char *)malloc_2(strlen(str)+1);
data/gtkwave-3.3.104/src/rc.c:296:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->fontname_signals=(char *)malloc_2(strlen(str)+1);
data/gtkwave-3.3.104/src/rc.c:305:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->fontname_waves=(char *)malloc_2(strlen(str)+1);
data/gtkwave-3.3.104/src/rc.c:373:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(str)) { GLOBALS->hier_delimeter=str[0]; GLOBALS->hier_was_explicitly_set=1; }
data/gtkwave-3.3.104/src/rc.c:1047:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(str);
data/gtkwave-3.3.104/src/rc.c:1130:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpath=(char *)alloca(strlen(home)+1+strlen(rcname)+1);
data/gtkwave-3.3.104/src/rc.c:1130:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpath=(char *)alloca(strlen(home)+1+strlen(rcname)+1);
data/gtkwave-3.3.104/src/rc.c:1132:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rcpath,"/");
data/gtkwave-3.3.104/src/rc.c:1147:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpath = (char *)alloca(strlen(rpath) + strlen(suf) + 1);
data/gtkwave-3.3.104/src/rc.c:1147:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpath = (char *)alloca(strlen(rpath) + strlen(suf) + 1);
data/gtkwave-3.3.104/src/rc.c:1186:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpath=(char *)alloca(strlen(home)+1+strlen(rcname)+1);
data/gtkwave-3.3.104/src/rc.c:1186:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcpath=(char *)alloca(strlen(home)+1+strlen(rcname)+1);
data/gtkwave-3.3.104/src/rc.c:1188:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rcpath,"\\");
data/gtkwave-3.3.104/src/renderopt.c:128:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(*GLOBALS->fileselbox_text) ;
data/gtkwave-3.3.104/src/renderopt.c:218:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = wave_alloca(strlen(ban) + strlen(user_data) + 32);
data/gtkwave-3.3.104/src/renderopt.c:218:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = wave_alloca(strlen(ban) + strlen(user_data) + 32);
data/gtkwave-3.3.104/src/rgb.c:827:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l=strlen(str);
data/gtkwave-3.3.104/src/savefile.c:204:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(mbuf)<2)
data/gtkwave-3.3.104/src/savefile.c:671:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=wave_alloca(strlen(wname)+5+1);
data/gtkwave-3.3.104/src/savefile.c:730:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(lhq+1);
data/gtkwave-3.3.104/src/savefile.c:929:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen(w);
data/gtkwave-3.3.104/src/savefile.c:931:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msbslen = strlen(msbs);
data/gtkwave-3.3.104/src/savefile.c:932:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsbslen = strlen(lsbs);
data/gtkwave-3.3.104/src/savefile.c:936:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rname) + /* vector alias name */
data/gtkwave-3.3.104/src/savefile.c:961:22: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
if(i!=lsb) t += sprintf(t, " ");
data/gtkwave-3.3.104/src/savefile.c:969:22: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
if(i!=lsb) t += sprintf(t, " ");
data/gtkwave-3.3.104/src/savefile.c:1000:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(w))) return(0);
data/gtkwave-3.3.104/src/savefile.c:1141:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sscanf(w2+strlen(prefix),"%s",suffix);
data/gtkwave-3.3.104/src/savefile.c:1169:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ns = malloc_2(strlen(suffix+i) + 32);
data/gtkwave-3.3.104/src/savefile.c:1214:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newl = strdup_2(w2+strlen(prefix));
data/gtkwave-3.3.104/src/savefile.c:1243:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w2=w2+strlen(prefix);
data/gtkwave-3.3.104/src/savefile.c:1294:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w3 = malloc_2(strlen(w2) + 1 + strlen(rightmost_lbrack+1) + 1);
data/gtkwave-3.3.104/src/savefile.c:1294:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w3 = malloc_2(strlen(w2) + 1 + strlen(rightmost_lbrack+1) + 1);
data/gtkwave-3.3.104/src/savefile.c:1308:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w3 = malloc_2(1 + strlen(w2) + 5);
data/gtkwave-3.3.104/src/savefile.c:1381:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lens = strlen(w2+2);
data/gtkwave-3.3.104/src/savefile.c:1995:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(w))) return(0);
data/gtkwave-3.3.104/src/savefile.c:2087:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sscanf(w2+strlen(prefix),"%s",suffix);
data/gtkwave-3.3.104/src/savefile.c:2108:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ns = malloc_2(strlen(suffix+i) + 32);
data/gtkwave-3.3.104/src/savefile.c:2151:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newl = strdup_2(w2+strlen(prefix));
data/gtkwave-3.3.104/src/savefile.c:2176:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w2=w2+strlen(prefix);
data/gtkwave-3.3.104/src/savefile.c:2206:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w3 = malloc_2(strlen(w2) + 1 + strlen(rightmost_lbrack+1) + 1);
data/gtkwave-3.3.104/src/savefile.c:2206:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w3 = malloc_2(strlen(w2) + 1 + strlen(rightmost_lbrack+1) + 1);
data/gtkwave-3.3.104/src/savefile.c:2218:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w3 = malloc_2(1 + strlen(w2) + 5);
data/gtkwave-3.3.104/src/savefile.c:2298:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdLen = strlen(currentDirectory);
data/gtkwave-3.3.104/src/savefile.c:2299:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
afLen = strlen(absoluteFilename);
data/gtkwave-3.3.104/src/savefile.c:2472:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
synth_nam = malloc_2(strlen(dup_this_save) + strlen(grf) + 1);
data/gtkwave-3.3.104/src/savefile.c:2472:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
synth_nam = malloc_2(strlen(dup_this_save) + strlen(grf) + 1);
data/gtkwave-3.3.104/src/savefile.c:2498:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pfxlen = strlen(pfx);
data/gtkwave-3.3.104/src/savefile.c:2499:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *orig_save2 = malloc_2(strlen(orig_save) + pfxlen + 1);
data/gtkwave-3.3.104/src/savefile.c:2500:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *orig_dump2 = malloc_2(strlen(orig_dump) + pfxlen + 1);
data/gtkwave-3.3.104/src/savefile.c:2592:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dfn = wave_alloca(strlen(dfn)+1); /* as context can change on file load */
data/gtkwave-3.3.104/src/savefile.c:2600:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sfn = wave_alloca(strlen(sfn)+1); /* as context can change on file load */
data/gtkwave-3.3.104/src/savefile.c:2613:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fdf = wave_alloca(strlen(old_fdf)+1);
data/gtkwave-3.3.104/src/savefile.c:2642:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(lcname);
data/gtkwave-3.3.104/src/savefile.c:2811:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int sfxlen = strlen(sfx);
data/gtkwave-3.3.104/src/savefile.c:2812:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return((strlen(s)>=sfxlen)&&(!strcasecmp(s+strlen(s)-sfxlen,sfx)));
data/gtkwave-3.3.104/src/savefile.c:2812:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return((strlen(s)>=sfxlen)&&(!strcasecmp(s+strlen(s)-sfxlen,sfx)));
data/gtkwave-3.3.104/src/search.c:94:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(entry_text)))
data/gtkwave-3.3.104/src/search.c:95:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy((GLOBALS->entrybox_text_local_search_c_2=(char *)malloc_2(strlen(vname)+1)),vname); /* make consistent with other widgets rather than producing NULL */
data/gtkwave-3.3.104/src/search.c:776:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(entry_text))
data/gtkwave-3.3.104/src/search.c:789:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_suffixed=wave_alloca(strlen(GLOBALS->searchbox_text_search_c_1 /* scan-build, was entry_text */)+strlen(regex_type[GLOBALS->regex_which_search_c_1])+1+((GLOBALS->regex_which_search_c_1<2)?2:0));
data/gtkwave-3.3.104/src/search.c:789:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_suffixed=wave_alloca(strlen(GLOBALS->searchbox_text_search_c_1 /* scan-build, was entry_text */)+strlen(regex_type[GLOBALS->regex_which_search_c_1])+1+((GLOBALS->regex_which_search_c_1<2)?2:0));
data/gtkwave-3.3.104/src/search.c:847:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=(char *)malloc_2(strlen(tmp2)+4);
data/gtkwave-3.3.104/src/search.c:854:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=(char *)malloc_2(strlen(hfacname)+4);
data/gtkwave-3.3.104/src/search.c:1204:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(GLOBALS->searchbox_text_search_c_1)) search_enter_callback(GLOBALS->entry_search_c_3,NULL);
data/gtkwave-3.3.104/src/signalwindow.c:879:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dhq = g_malloc(strlen(GLOBALS->dnd_helper_quartz)+1);
data/gtkwave-3.3.104/src/signalwindow.c:900:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int qn_len = strlen(qn);
data/gtkwave-3.3.104/src/status.c:27:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(str);
data/gtkwave-3.3.104/src/strace.c:276:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(entry_text))) return;
data/gtkwave-3.3.104/src/strace.c:1612:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buff);
data/gtkwave-3.3.104/src/symbol.c:172:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(s->name=(char *)malloc_2(strlen(name)+1),name);
data/gtkwave-3.3.104/src/symbol.c:335:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/src/tcl_commands.c:1332:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_name = strlen(name);
data/gtkwave-3.3.104/src/tcl_commands.c:1333:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_elem = strlen(elem[i]);
data/gtkwave-3.3.104/src/tcl_commands.c:1418:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_name = strlen(name);
data/gtkwave-3.3.104/src/tcl_commands.c:1419:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_elem = strlen(elem[i]);
data/gtkwave-3.3.104/src/tcl_commands.c:1831:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(s && (strlen(s) > 1)) { /* exclude empty strings */
data/gtkwave-3.3.104/src/tcl_commands.c:1832:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/src/tcl_commands.c:1855:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(GLOBALS->selected_hierarchy_name)) :
data/gtkwave-3.3.104/src/tcl_helper.c:359:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, element, elSize);
data/gtkwave-3.3.104/src/tcl_helper.c:797:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (strlen(elem[i])) + 1;
data/gtkwave-3.3.104/src/tcl_helper.c:1140:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unesc_len = strlen(unescaped_str);
data/gtkwave-3.3.104/src/tcl_helper.c:1150:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hfacname_len = strlen(hfacname);
data/gtkwave-3.3.104/src/tcl_helper.c:1170:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_suffixed=wave_alloca(2+strlen(s_new)+strlen(this_regex)+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1170:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_suffixed=wave_alloca(2+strlen(s_new)+strlen(this_regex)+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1200:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_suffixed=wave_alloca(2+strlen(s_new)+strlen(this_regex)+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1200:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry_suffixed=wave_alloca(2+strlen(s_new)+strlen(this_regex)+1);
data/gtkwave-3.3.104/src/tcl_helper.c:1437:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(pidstr+strlen(pidstr), "{marker %s} ", mrkbuf);
data/gtkwave-3.3.104/src/tcl_helper.c:1474:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/gtkwave-3.3.104/src/tcl_helper.c:1529:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tcllist_len = strlen(tcllist);
data/gtkwave-3.3.104/src/tcl_helper.c:1536:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 8 + strlen(tcllist) + 1 + 1 + 1; /* "{netBus ...} " + trailing null char */
data/gtkwave-3.3.104/src/tcl_helper.c:1545:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 5 + strlen(tcllist) + 1 + 1 + 1; /* "{net ...} " + trailing null char */
data/gtkwave-3.3.104/src/tcl_helper.c:1555:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len_value = strlen(opt_value);
data/gtkwave-3.3.104/src/tcl_helper.c:1559:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 15 + (len_value + 1) + strlen(tcllist) + 1 + 1 + 1; /* "{netBusValue 0x...} " + trailing null char */
data/gtkwave-3.3.104/src/tcl_helper.c:1568:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 10 + (len_value + 1) + strlen(tcllist) + 1 + 1 + 1; /* "{netValue ...} " + trailing null char */
data/gtkwave-3.3.104/src/tcl_helper.c:1835:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int first_str_len = strlen(first_str ? first_str : (first_str = strdup_2("INTERNAL_ERROR"))); /* : case added for scan-build */
data/gtkwave-3.3.104/src/tcl_helper.c:1888:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(str+strlen(str), "[%d]", which);
data/gtkwave-3.3.104/src/tcl_helper.c:1949:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(str+strlen(str), "[%d]", which);
data/gtkwave-3.3.104/src/tcl_helper.c:2348:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hdr_len = strlen(hdr);
data/gtkwave-3.3.104/src/tcl_helper.c:2355:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zm_len = strlen(zm);
data/gtkwave-3.3.104/src/tcl_helper.c:2454:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch0 = getc(f);
data/gtkwave-3.3.104/src/tcl_helper.c:2455:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch1 = getc(f);
data/gtkwave-3.3.104/src/tcl_helper.c:2816:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(s);
data/gtkwave-3.3.104/src/tcl_helper.c:2875:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((nam) && (strlen(nam)) && (!GLOBALS->tcl_running))
data/gtkwave-3.3.104/src/tcl_helper.c:2878:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen(nam);
data/gtkwave-3.3.104/src/tcl_helper.c:2882:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tcl_cmd+8+nlen, "}");
data/gtkwave-3.3.104/src/tcl_helper.c:2900:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = malloc_2(strlen("--script ") + strlen(tpnt) + 1 + 1);
data/gtkwave-3.3.104/src/tcl_helper.c:2900:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = malloc_2(strlen("--script ") + strlen(tpnt) + 1 + 1);
data/gtkwave-3.3.104/src/tcl_helper.c:3003:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen(GLOBALS->repscript_name);
data/gtkwave-3.3.104/src/tcl_helper.c:3007:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tcl_cmd+8+nlen, "}");
data/gtkwave-3.3.104/src/tcl_helper.h:45:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mult_len = strlen(mult_entry); \
data/gtkwave-3.3.104/src/tcl_helper.h:49:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sing_len = strlen(one_entry); \
data/gtkwave-3.3.104/src/tcl_np.c:344:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(libname, TCL_LIB_FILE, MAX_PATH);
data/gtkwave-3.3.104/src/tcl_support_commands.c:160:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->u.str, v.str, arg) ;
data/gtkwave-3.3.104/src/tcl_support_commands.c:305:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) ;
data/gtkwave-3.3.104/src/tcl_support_commands.c:327:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = (p1) ? (unsigned int)(p1 - p) : strlen(p) ;
data/gtkwave-3.3.104/src/tcl_support_commands.c:439:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/gtkwave-3.3.104/src/timeentry.c:103:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((newhi>GLOBALS->max_time) || (!strlen(entry_text))) /* null string makes max time */
data/gtkwave-3.3.104/src/translate.c:84:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n->item = strcpy(malloc_2(strlen(i)+1), i);
data/gtkwave-3.3.104/src/translate.c:85:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(trans) n->trans = strcpy(malloc_2(strlen(trans)+1), trans);
data/gtkwave-3.3.104/src/translate.c:376:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->filesel_filter[GLOBALS->num_file_filters] = malloc_2(strlen(*GLOBALS->fileselbox_text) + 1);
data/gtkwave-3.3.104/src/translate.c:589:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->filesel_filter[GLOBALS->num_file_filters] = malloc_2(strlen(name) + 1);
data/gtkwave-3.3.104/src/tree.c:372:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2=(char *)malloc_2(strlen(s)+strlen(t->name)+2);
data/gtkwave-3.3.104/src/tree.c:372:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s2=(char *)malloc_2(strlen(s)+strlen(t->name)+2);
data/gtkwave-3.3.104/src/tree.c:374:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s2,".");
data/gtkwave-3.3.104/src/tree.c:413:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(tmp3)+4);
data/gtkwave-3.3.104/src/tree.c:420:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp=wave_alloca(strlen(t2->name)+4);
data/gtkwave-3.3.104/src/tree.c:442:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen = strlen(t2->name) + 2 + 1 + strlen(sc) + 1 + 1;
data/gtkwave-3.3.104/src/tree.c:442:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen = strlen(t2->name) + 2 + 1 + strlen(sc) + 1 + 1;
data/gtkwave-3.3.104/src/tree_component.c:34:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(Index);
data/gtkwave-3.3.104/src/tree_component.c:87:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(Index);
data/gtkwave-3.3.104/src/treesearch_gtk1.c:137:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(entry_text))) GLOBALS->entrybox_text_local_treesearch_gtk1_c=NULL;
data/gtkwave-3.3.104/src/treesearch_gtk1.c:226:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(GLOBALS->entrybox_text_local_treesearch_gtk1_c))
data/gtkwave-3.3.104/src/treesearch_gtk2.c:201:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=(char *)malloc_2(strlen(p)+4);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:210:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=(char *)malloc_2(strlen(p)+4);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:317:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namlen = strlen(name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:441:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (strlen(t->name) + 1);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:529:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namlen = strlen(name);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:626:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += (strlen(t->name) + 1);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:708:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->filter_str_treesearch_gtk2_c_1 = malloc_2(strlen(t) + 1);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:720:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen = strlen(vardir_strings[i]);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:740:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tlen = strlen(vardir_strings[i]);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:811:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(len=strlen(entry_text))) GLOBALS->entrybox_text_local_treesearch_gtk2_c_3=NULL;
data/gtkwave-3.3.104/src/treesearch_gtk2.c:1233:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *sstr = wave_alloca(strlen(GLOBALS->selected_hierarchy_name) + strlen(GLOBALS->selected_sig_name) + 1);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:1233:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *sstr = wave_alloca(strlen(GLOBALS->selected_hierarchy_name) + strlen(GLOBALS->selected_sig_name) + 1);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2098:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_selection_data_set(selection_data,GDK_SELECTION_TYPE_STRING, 8, (guchar*)text, strlen(text));
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2111:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int textlen = strlen(text);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2112:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int text2len = strlen(text2);
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2123:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_selection_data_set(selection_data,GDK_SELECTION_TYPE_STRING, 8, (guchar*)text, strlen(text));
data/gtkwave-3.3.104/src/treesearch_gtk2.c:2133:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_selection_data_set(selection_data,GDK_SELECTION_TYPE_STRING, 8, (guchar*)text, strlen(text));
data/gtkwave-3.3.104/src/ttranslate.c:135:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg = name + strlen(exec_name);
data/gtkwave-3.3.104/src/ttranslate.c:143:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) > 0) {
data/gtkwave-3.3.104/src/ttranslate.c:145:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = strlen(arg) - 1;
data/gtkwave-3.3.104/src/ttranslate.c:155:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = (char *)malloc_2(strlen(exec_name)+6+1);
data/gtkwave-3.3.104/src/ttranslate.c:161:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(abs_path) == 0)||(!result))
data/gtkwave-3.3.104/src/ttranslate.c:377:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->ttranssel_filter[GLOBALS->num_ttrans_filters] = malloc_2(strlen(*GLOBALS->fileselbox_text) + 1);
data/gtkwave-3.3.104/src/ttranslate.c:611:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GLOBALS->ttranssel_filter[GLOBALS->num_ttrans_filters] = malloc_2(strlen(name) + 1);
data/gtkwave-3.3.104/src/ttranslate.c:709:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(sp);
data/gtkwave-3.3.104/src/ttranslate.c:767:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(sp);
data/gtkwave-3.3.104/src/ttranslate.c:807:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(sp);
data/gtkwave-3.3.104/src/twinwave.c:208:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen += strlen(arglist[idx]);
data/gtkwave-3.3.104/src/twinwave.c:215:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mylist, " ");
data/gtkwave-3.3.104/src/twinwave.c:280:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen += strlen(arglist[idx]);
data/gtkwave-3.3.104/src/twinwave.c:287:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mylist, " ");
data/gtkwave-3.3.104/src/vcd.c:583:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vst=malloc_2(strlen(GLOBALS->varsplit_vcd_c_1)+1);
data/gtkwave-3.3.104/src/vcd.c:728:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->len=strlen(str);
data/gtkwave-3.3.104/src/vcd.c:2212:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen=strlen(v->name);
data/gtkwave-3.3.104/src/vcd.c:2222:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((vprime=bsearch_vcd(v->id, strlen(v->id)))!=v) /* hash mish means dup net */
data/gtkwave-3.3.104/src/vcd.c:2268:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_len = strlen(str); if(ss_len >= longest) { longest = ss_len + 1; }
data/gtkwave-3.3.104/src/vcd.c:2375:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_len = strlen(str); if(ss_len >= longest) { longest = ss_len + 1; }
data/gtkwave-3.3.104/src/vcd.c:2482:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(subst))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/vcd.c:2625:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen=strlen(WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/vcd.c:2626:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=wave_alloca(strlen(fname)+dlen+1);
data/gtkwave-3.3.104/src/vcd_partial.c:559:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vst=malloc_2(strlen(GLOBALS->varsplit_vcd_partial_c_2)+1);
data/gtkwave-3.3.104/src/vcd_partial.c:2054:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen=strlen(v->name);
data/gtkwave-3.3.104/src/vcd_partial.c:2064:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((vprime=bsearch_vcd(v->id, strlen(v->id)))!=v) /* hash mish means dup net */
data/gtkwave-3.3.104/src/vcd_partial.c:2110:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_len = strlen(str); if(ss_len >= longest) { longest = ss_len + 1; }
data/gtkwave-3.3.104/src/vcd_partial.c:2217:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_len = strlen(str); if(ss_len >= longest) { longest = ss_len + 1; }
data/gtkwave-3.3.104/src/vcd_recoder.c:502:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(GLOBALS->vlist_handle);
data/gtkwave-3.3.104/src/vcd_recoder.c:766:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((/* vprime= */ bsearch_vcd(v->id, strlen(v->id)))==v) /* hash mish means dup net */ /* scan-build */
data/gtkwave-3.3.104/src/vcd_recoder.c:1089:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vst=malloc_2(strlen(GLOBALS->varsplit_vcd_recoder_c_3)+1);
data/gtkwave-3.3.104/src/vcd_recoder.c:2447:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen=strlen(v->name);
data/gtkwave-3.3.104/src/vcd_recoder.c:2457:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((vprime=bsearch_vcd(v->id, strlen(v->id)))!=v) /* hash mish means dup net */
data/gtkwave-3.3.104/src/vcd_recoder.c:2503:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_len = strlen(str); if(ss_len >= longest) { longest = ss_len + 1; }
data/gtkwave-3.3.104/src/vcd_recoder.c:2611:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_len = strlen(str); if(ss_len >= longest) { longest = ss_len + 1; }
data/gtkwave-3.3.104/src/vcd_recoder.c:2774:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ffname = malloc_2(strlen(fname) + 4 + 1);
data/gtkwave-3.3.104/src/vcd_recoder.c:2815:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen=strlen(WAVE_DECOMPRESSOR);
data/gtkwave-3.3.104/src/vcd_recoder.c:2816:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=wave_alloca(strlen(fname)+dlen+1);
data/gtkwave-3.3.104/src/vcd_saver.c:33:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bSuccess = WriteFile((HANDLE)sfd, buf, strlen(buf), &dwWritten, NULL);
data/gtkwave-3.3.104/src/vcd_saver.c:694:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vec_slen = strlen(vec);
data/gtkwave-3.3.104/src/vcd_saver.c:1011:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = calloc_2(1, strlen(nh_curr->name) + 1 + 1);
data/gtkwave-3.3.104/src/vcd_saver.c:1223:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/gtkwave-3.3.104/src/vlist.c:36:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fname = malloc_2(strlen(GLOBALS->loaded_file_name) + 4 + 1);
data/gtkwave-3.3.104/src/vlist.c:88:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/vlist.c:99:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/vlist.c:110:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/vlist.c:121:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(f);
data/gtkwave-3.3.104/src/vzt.c:94:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(fnam);
data/gtkwave-3.3.104/src/vzt.c:108:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int flen = strlen(fnam);
data/gtkwave-3.3.104/src/vzt.c:186:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str=malloc_2(strlen(f_name[(i)&F_NAME_MODULUS])+1);
data/gtkwave-3.3.104/src/vzt.c:242:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(GLOBALS->facs[i]->name))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/vzt.c:340:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len=strlen(subst=GLOBALS->facs[i]->name))>GLOBALS->longestname) GLOBALS->longestname=len;
data/gtkwave-3.3.104/src/vzt.c:498:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = malloc_2(strlen(*value)+1);
data/gtkwave-3.3.104/src/wavewindow.c:2041:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = ptr + strlen(ptr);
data/gtkwave-3.3.104/src/wavewindow.c:2047:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = ptr + strlen(ptr+1) + 1;
data/gtkwave-3.3.104/src/wavewindow.c:2048:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ptr,"\'");
data/gtkwave-3.3.104/src/wavewindow.c:2050:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = ptr + strlen(ptr); /* really needed for aet2 only */
data/gtkwave-3.3.104/src/wavewindow.c:2084:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = ptr + strlen(ptr);
data/gtkwave-3.3.104/src/wavewindow.c:2088:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = ptr + strlen(ptr);
data/gtkwave-3.3.104/src/wavewindow.c:2357:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2=(char *)malloc_2(strlen(str)+2);
data/gtkwave-3.3.104/src/wavewindow.c:2425:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2=(char *)malloc_2(strlen(str)+2);
data/gtkwave-3.3.104/src/wavewindow.c:2637:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2=(char *)malloc_2(strlen(str)+2);
data/gtkwave-3.3.104/src/wavewindow.c:2701:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str2=(char *)malloc_2(strlen(str)+2);
data/gtkwave-3.3.104/src/wavewindow.c:2986:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(timebuff, "0");
ANALYSIS SUMMARY:
Hits = 2885
Lines analyzed = 183886 in approximately 4.80 seconds (38301 lines/second)
Physical Source Lines of Code (SLOC) = 142304
Hits@level = [0] 1565 [1] 760 [2] 1043 [3] 63 [4] 1017 [5] 2
Hits@level+ = [0+] 4450 [1+] 2885 [2+] 2125 [3+] 1082 [4+] 1019 [5+] 2
Hits/KSLOC@level+ = [0+] 31.2711 [1+] 20.2735 [2+] 14.9328 [3+] 7.60344 [4+] 7.16073 [5+] 0.0140544
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.