Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/gwaei-3.6.2/src/gwaei/flashcardwindow.c:296:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(katakana, hiragana);
data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:86:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy (buffer + start_offset, replacement);
data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:87:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
      strcat (buffer, query + end_offset);
data/gwaei-3.6.2/src/libwaei/query.c:358:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy (buffer, TOKEN);
data/gwaei-3.6.2/src/libwaei/query.c:365:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy (buffer, TOKEN);
data/gwaei-3.6.2/src/libwaei/utilities.c:410:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(input, output);
data/gwaei-3.6.2/src/libwaei/utilities.c:1187:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(buffer_ptr, delimitor);
data/gwaei-3.6.2/src/libwaei/utilities.c:1252:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(buffer_ptr, delimitor);
data/gwaei-3.6.2/src/libwaei/utilities.c:1317:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(ptr, argv[i]);
data/gwaei-3.6.2/src/libwaei/utilities.c:1494:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(target_ptr, DELIMITOR);
data/gwaei-3.6.2/src/libwaei/utilities.c:1551:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(target_ptr, DELIMITOR);
data/gwaei-3.6.2/src/libwaei/utilities.c:1615:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(target_ptr, DELIMITOR);
data/gwaei-3.6.2/src/libwaei/vocabulary.c:66:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
      strcat(buffer, name);
data/gwaei-3.6.2/src/waei/console.c:353:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
      printf(message_total, total_results);
data/gwaei-3.6.2/src/waei/console.c:358:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
      printf(message_relevant, total_relevant_results);
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:281:12: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      GRand *random;
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:293:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      if (random != NULL)
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:297:20: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      position = g_rand_int_range (random, 0, children);
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:297:38: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      position = g_rand_int_range (random, 0, children);
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:312:20: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      g_rand_free (random); random = NULL;
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:333:12: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      GRand *random;
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:345:11: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      if (random != NULL)
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:349:22: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      position = g_rand_int_range (random, 0, children);
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:349:40: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      position = g_rand_int_range (random, 0, children);
data/gwaei-3.6.2/src/gwaei/flashcardstore.c:358:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
      g_rand_free (random); random = NULL;
data/gwaei-3.6.2/src/gwaei/vocabularywindow-callbacks.c:593:69: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
      gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), g_get_home_dir ());
data/gwaei-3.6.2/src/gwaei/dictionarylist.c:239:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
      if (index < 10) sprintf (shortcutname, "Alt-%d", index);
data/gwaei-3.6.2/src/gwaei/dictionarylist.c:240:23: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
      if (index < 1000) sprintf (ordernumber, "%d", index);
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:210:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char msg_ctxt_id[msgctxt_len + msgid_len];
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:212:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buf[1024];
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:220:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:222:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char msg_ctxt_id[msgctxt_len + msgid_len];
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:258:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buf[1024];
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:266:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:268:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/gwaei-3.6.2/src/gwaei/include/gwaei/kanjipadwindow-private.h:17:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char kselected[2];
data/gwaei-3.6.2/src/gwaei/include/gwaei/kanjipadwindow-private.h:18:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char kanji_candidates[GW_KANJIPADWINDOW_MAX_GUESSES][2];
data/gwaei-3.6.2/src/gwaei/include/gwaei/radicalswindow-private.h:11:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char cache[300 * 4];
data/gwaei-3.6.2/src/gwaei/kanjipad-drawingarea.c:93:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buffer[16];
data/gwaei-3.6.2/src/gwaei/kanjipad-drawingarea.c:105:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf (buffer, "%d", index);
data/gwaei-3.6.2/src/gwaei/kanjipadwindow.c:239:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char *argv[2];
data/gwaei-3.6.2/src/gwaei/settingswindow-callbacks.c:380:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char font[50];
data/gwaei-3.6.2/src/gwaei/settingswindow-callbacks.c:530:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char hex_color_string[20];
data/gwaei-3.6.2/src/kpengine/jstroke/pilotcompat.h:49:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
      #define StrIToA(str, n) sprintf((str),"%ld",(long)(n))
data/gwaei-3.6.2/src/kpengine/jstroke/pilotcompat.h:50:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
      #define StrIToH(str, n) sprintf((str),"%lx",(long)(n))
data/gwaei-3.6.2/src/kpengine/jstroke/scoring.c:212:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buf[10];
data/gwaei-3.6.2/src/kpengine/jstroke/scoring.c:499:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char cArg[2];
data/gwaei-3.6.2/src/kpengine/kpengine.c:29:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      static char *stroke_dicts[MAX_STROKES];
data/gwaei-3.6.2/src/kpengine/kpengine.c:41:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      file = fopen (data_file, "rb");
data/gwaei-3.6.2/src/kpengine/kpengine.c:53:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      file = fopen (fname, "rb");
data/gwaei-3.6.2/src/kpengine/kpengine.c:195:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      unsigned char c[2];
data/gwaei-3.6.2/src/libwaei/dictionary.c:344:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      file = fopen (path, "r");
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:210:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char msg_ctxt_id[msgctxt_len + msgid_len];
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:212:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buf[1024];
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:220:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:222:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:256:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char msg_ctxt_id[msgctxt_len + msgid_len];
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:258:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buf[1024];
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:266:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:268:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
      memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/gwaei-3.6.2/src/libwaei/io.c:110:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      file = fopen(_savepath, mode);
data/gwaei-3.6.2/src/libwaei/io.c:169:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      readfd = fopen (SOURCE_PATH, "rb");
data/gwaei-3.6.2/src/libwaei/io.c:170:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      writefd = fopen (TARGET_PATH, "wb");
data/gwaei-3.6.2/src/libwaei/io.c:313:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      outfile = fopen(TARGET_PATH, "wb");
data/gwaei-3.6.2/src/libwaei/io.c:385:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char buffer[MAX];
data/gwaei-3.6.2/src/libwaei/io.c:390:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      infd = fopen(SOURCE_PATH, "rb");
data/gwaei-3.6.2/src/libwaei/io.c:391:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
      outfd = fopen(TARGET_PATH, "wb");
data/gwaei-3.6.2/src/libwaei/io.c:442:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char radicals_input[LW_IO_MAX_FGETS_LINE];
data/gwaei-3.6.2/src/libwaei/io.c:443:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
      char kanji_input[LW_IO_MAX_FGETS_LINE];
data/gwaei-3.6.2/src/libwaei/io.c:444:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char output[LW_IO_MAX_FGETS_LINE * 2]; data/gwaei-3.6.2/src/libwaei/io.c:453:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). kanji_file = fopen(KANJI_DICTIONARY_PATH, "r"); data/gwaei-3.6.2/src/libwaei/io.c:454:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). radicals_file = fopen(RADICALS_DICTIONARY_PATH, "r"); data/gwaei-3.6.2/src/libwaei/io.c:455:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). output_file = fopen(OUTPUT_PATH, "w"); data/gwaei-3.6.2/src/libwaei/io.c:581:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[LW_IO_MAX_FGETS_LINE]; data/gwaei-3.6.2/src/libwaei/io.c:599:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
inputf = fopen(INPUT_NAMES_PLACES_PATH, "r"); data/gwaei-3.6.2/src/libwaei/io.c:605:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). placesf = fopen(OUTPUT_PLACES_PATH, "w"); data/gwaei-3.6.2/src/libwaei/io.c:609:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). namesf = fopen(OUTPUT_NAMES_PATH, "w"); data/gwaei-3.6.2/src/libwaei/io.c:668:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX]; data/gwaei-3.6.2/src/libwaei/io.c:678:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). target = fopen(TARGET_PATH, "wb"); data/gwaei-3.6.2/src/libwaei/io.c:733:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_CHUNK]; data/gwaei-3.6.2/src/libwaei/io.c:738:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). file = fopen(URI, "rb"); data/gwaei-3.6.2/src/libwaei/io.c:763:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_CHUNK]; data/gwaei-3.6.2/src/libwaei/io.c:782:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(in->uri, "rb"); data/gwaei-3.6.2/src/libwaei/io.c:832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_CHUNK]; data/gwaei-3.6.2/src/libwaei/io.c:847:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(out->uri, "wb"); data/gwaei-3.6.2/src/libwaei/io.c:913:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen (URI, "r"); data/gwaei-3.6.2/src/libwaei/utilities.c:383:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char output[strlen(input) + 1]; data/gwaei-3.6.2/src/libwaei/utilities.c:635:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "きゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:637:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "きゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:639:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "きょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:653:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ぎゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:655:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ぎゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:657:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "ぎょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:672:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "しゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:674:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "しゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:676:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "しょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:691:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "じゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:694:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "じゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:697:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "じょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:712:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ちゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:714:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ちゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:716:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ちょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:730:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ぢゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:732:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ぢゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:734:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "ぢょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:749:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "にゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:751:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "にゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:753:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "にょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:768:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ひゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:770:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ひゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:772:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "ひょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:786:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "びゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:788:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "びゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:790:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "びょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:804:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ぴゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:806:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ぴゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:808:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "ぴょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:823:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "みゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:825:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "みゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:827:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "みょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:850:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "りゃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:852:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "りゅ"); data/gwaei-3.6.2/src/libwaei/utilities.c:854:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "りょ"); data/gwaei-3.6.2/src/libwaei/utilities.c:860:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "うぃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:862:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "うぇ"); data/gwaei-3.6.2/src/libwaei/utilities.c:867:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "う゛ぁ"); data/gwaei-3.6.2/src/libwaei/utilities.c:869:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "う゛ぃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:871:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "う゛ぇ"); data/gwaei-3.6.2/src/libwaei/utilities.c:873:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(output, "う゛ぉ"); data/gwaei-3.6.2/src/libwaei/utilities.c:889:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ふぁ"); data/gwaei-3.6.2/src/libwaei/utilities.c:891:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ふぃ"); data/gwaei-3.6.2/src/libwaei/utilities.c:893:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ふぇ"); data/gwaei-3.6.2/src/libwaei/utilities.c:895:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output, "ふぉ"); data/gwaei-3.6.2/src/libwaei/vocabulary.c:129:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen (uri, "r"); data/gwaei-3.6.2/src/libwaei/vocabulary.c:171:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
stream = fopen (uri, "w"); data/gwaei-3.6.2/src/waei/include/waei/gettext.h:210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_ctxt_id[msgctxt_len + msgid_len]; data/gwaei-3.6.2/src/waei/include/waei/gettext.h:212:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/gwaei-3.6.2/src/waei/include/waei/gettext.h:220:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); data/gwaei-3.6.2/src/waei/include/waei/gettext.h:222:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); data/gwaei-3.6.2/src/waei/include/waei/gettext.h:256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_ctxt_id[msgctxt_len + msgid_len]; data/gwaei-3.6.2/src/waei/include/waei/gettext.h:258:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/gwaei-3.6.2/src/waei/include/waei/gettext.h:266:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1); data/gwaei-3.6.2/src/waei/include/waei/gettext.h:268:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len); data/gwaei-3.6.2/src/gwaei/addvocabularywindow.c:342:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). has_kanji = (strlen (kanji) > 0); data/gwaei-3.6.2/src/gwaei/addvocabularywindow.c:343:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). has_furigana = (strlen (furigana) > 0); data/gwaei-3.6.2/src/gwaei/addvocabularywindow.c:344:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). has_definitions = (strlen (definitions) > 0); data/gwaei-3.6.2/src/gwaei/addvocabularywindow.c:345:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). has_list = (strlen (list) > 0); data/gwaei-3.6.2/src/gwaei/flashcardstore.c:242:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (path != NULL && question != NULL && strlen (question) && answer != NULL && strlen (answer)) data/gwaei-3.6.2/src/gwaei/flashcardstore.c:242:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (path != NULL && question != NULL && strlen (question) && answer != NULL && strlen (answer)) data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:206:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgctxt_len = strlen (msgctxt) + 1; data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:207:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgid_len = strlen (msgid) + 1; data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:252:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgctxt_len = strlen (msgctxt) + 1; data/gwaei-3.6.2/src/gwaei/include/gwaei/gettext.h:253:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t msgid_len = strlen (msgid) + 1; data/gwaei-3.6.2/src/gwaei/kanjipad-candidatearea.c:389:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(priv->kselected, priv->kanji_candidates[j], 2); data/gwaei-3.6.2/src/gwaei/radicalswindow.c:550:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (radical_ptr != NULL) length += strlen (radical_ptr); data/gwaei-3.6.2/src/gwaei/radicalswindow.c:608:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen (text); data/gwaei-3.6.2/src/gwaei/searchwindow-callbacks.c:1060:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (query, gtk_entry_get_text (priv->entry), 50); data/gwaei-3.6.2/src/gwaei/searchwindow-callbacks.c:1067:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(query) == 0 || dictionary == NULL) data/gwaei-3.6.2/src/gwaei/searchwindow-callbacks.c:1361:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (text != NULL && strlen(text) > 0) data/gwaei-3.6.2/src/gwaei/searchwindow-callbacks.c:2014:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (text_query != NULL && strlen(text_query) > 0) data/gwaei-3.6.2/src/gwaei/searchwindow-output.c:90:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (furigana == NULL || strlen (furigana) == 0) data/gwaei-3.6.2/src/gwaei/searchwindow.c:446:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
gtk_editable_set_position (GTK_EDITABLE (priv->entry), start + strlen(TEXT)); data/gwaei-3.6.2/src/gwaei/searchwindow.c:1179:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (priv->keep_searching_delay >= GW_SEARCHWINDOW_KEEP_SEARCHING_MAX_DELAY || strlen(query) == 0) data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:81:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = g_new (gchar, strlen(replacement) + strlen(query)); data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:81:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = g_new (gchar, strlen(replacement) + strlen(query)); data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:85:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, query, start_offset); data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:90:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (index >= start_offset + strlen(replacement)) data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:91:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). index += strlen(buffer) - strlen(query); data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:91:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
index += strlen(buffer) - strlen(query); data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:223:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start_offset += strlen(*iter) + 1; data/gwaei-3.6.2/src/gwaei/spellcheck-callbacks.c:226:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*iter != NULL) end_offset = start_offset + strlen(*iter); data/gwaei-3.6.2/src/gwaei/spellcheck.c:140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen (locale); data/gwaei-3.6.2/src/gwaei/spellcheck.c:231:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (priv->handle == NULL && strncmp("auto", preferred, strlen("auto")) != 0) data/gwaei-3.6.2/src/gwaei/spellcheck.c:235:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (priv->handle == NULL && strncmp("en", locale, strlen("en")) == 0) data/gwaei-3.6.2/src/gwaei/spellcheck.c:815:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (*iter != NULL && start_offset + strlen(*iter) < index) data/gwaei-3.6.2/src/gwaei/spellcheck.c:817:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  start_offset += strlen(*iter) + 1;
data/gwaei-3.6.2/src/gwaei/spellcheck.c:821:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end_offset = start_offset + strlen(*iter);
data/gwaei-3.6.2/src/gwaei/window.c:375:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*ptr != NULL && strncmp(*ptr, NAME, strlen(NAME)) != 0) ptr++;
data/gwaei-3.6.2/src/gwaei/window.c:426:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*ptr != NULL && strncmp(*ptr, NAME, strlen(NAME)) != 0) ptr++;
data/gwaei-3.6.2/src/kpengine/jstroke/pilotcompat.h:48:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define StrLen strlen
data/gwaei-3.6.2/src/kpengine/kpengine.c:140:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ((strlen(buffer) == buflen - 1) && (buffer[buflen-2] != '\n'))
data/gwaei-3.6.2/src/libwaei/dictionary.c:365:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start = TYPENAME + strlen("Lw");
data/gwaei-3.6.2/src/libwaei/dictionary.c:366:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = TYPENAME + strlen(TYPENAME) - strlen("Dictionary");
data/gwaei-3.6.2/src/libwaei/dictionary.c:366:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = TYPENAME + strlen(TYPENAME) - strlen("Dictionary");
data/gwaei-3.6.2/src/libwaei/edictionary.c:204:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ptr != NULL) bytes_read += strlen(result->text);
data/gwaei-3.6.2/src/libwaei/edictionary.c:208:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes_read += strlen(result->text);
data/gwaei-3.6.2/src/libwaei/exampledictionary.c:204:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(result->text);
data/gwaei-3.6.2/src/libwaei/exampledictionary.c:235:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(ptr);
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:206:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:207:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:252:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/gwaei-3.6.2/src/libwaei/include/libwaei/gettext.h:253:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/gwaei-3.6.2/src/libwaei/io.c:160:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read, source_bytes_left, target_bytes_left;
data/gwaei-3.6.2/src/libwaei/io.c:177:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  source_bytes_left = read;
data/gwaei-3.6.2/src/libwaei/io.c:473:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curpos += strlen (kanji_input);
data/gwaei-3.6.2/src/libwaei/io.c:629:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curpos += strlen(buffer);
data/gwaei-3.6.2/src/libwaei/io.c:666:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read;
data/gwaei-3.6.2/src/libwaei/io.c:683:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read > 0)
data/gwaei-3.6.2/src/libwaei/io.c:689:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fwrite(buffer, sizeof(char), read, target);
data/gwaei-3.6.2/src/libwaei/io.c:691:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } while (read > 0);
data/gwaei-3.6.2/src/libwaei/kanjidictionary.c:188:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ptr != NULL) bytes_read += strlen(result->text);
data/gwaei-3.6.2/src/libwaei/kanjidictionary.c:192:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes_read += strlen(result->text);
data/gwaei-3.6.2/src/libwaei/morphology.c:255:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  base_form[strlen(base_form) - 3] = '\0';
data/gwaei-3.6.2/src/libwaei/preferences.c:394:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(output, value, n);
data/gwaei-3.6.2/src/libwaei/unknowndictionary.c:160:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ptr != NULL) bytes_read += strlen(result->text);
data/gwaei-3.6.2/src/libwaei/utilities.c:383:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char output[strlen(input) + 1];
data/gwaei-3.6.2/src/libwaei/utilities.c:580:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(input) == 1
data/gwaei-3.6.2/src/libwaei/utilities.c:597:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ん");
data/gwaei-3.6.2/src/libwaei/utilities.c:600:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(buffer_ptr) == 1 &&
data/gwaei-3.6.2/src/libwaei/utilities.c:609:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "っ");
data/gwaei-3.6.2/src/libwaei/utilities.c:612:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "あ");
data/gwaei-3.6.2/src/libwaei/utilities.c:614:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "い");
data/gwaei-3.6.2/src/libwaei/utilities.c:616:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "う");
data/gwaei-3.6.2/src/libwaei/utilities.c:618:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "え");
data/gwaei-3.6.2/src/libwaei/utilities.c:620:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "お");
data/gwaei-3.6.2/src/libwaei/utilities.c:624:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "か");
data/gwaei-3.6.2/src/libwaei/utilities.c:626:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "き");
data/gwaei-3.6.2/src/libwaei/utilities.c:628:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "く");
data/gwaei-3.6.2/src/libwaei/utilities.c:630:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "け");
data/gwaei-3.6.2/src/libwaei/utilities.c:632:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant character.
  strcpy(output, "こ");
data/gwaei-3.6.2/src/libwaei/utilities.c:642:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "が");
data/gwaei-3.6.2/src/libwaei/utilities.c:644:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぎ");
data/gwaei-3.6.2/src/libwaei/utilities.c:646:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぐ");
data/gwaei-3.6.2/src/libwaei/utilities.c:648:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "げ");
data/gwaei-3.6.2/src/libwaei/utilities.c:650:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ご");
data/gwaei-3.6.2/src/libwaei/utilities.c:661:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "さ");
data/gwaei-3.6.2/src/libwaei/utilities.c:663:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "し");
data/gwaei-3.6.2/src/libwaei/utilities.c:665:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "す");
data/gwaei-3.6.2/src/libwaei/utilities.c:667:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "せ");
data/gwaei-3.6.2/src/libwaei/utilities.c:669:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "そ");
data/gwaei-3.6.2/src/libwaei/utilities.c:679:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ざ");
data/gwaei-3.6.2/src/libwaei/utilities.c:681:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "じ");
data/gwaei-3.6.2/src/libwaei/utilities.c:683:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ず");
data/gwaei-3.6.2/src/libwaei/utilities.c:685:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぜ");
data/gwaei-3.6.2/src/libwaei/utilities.c:687:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぞ");
data/gwaei-3.6.2/src/libwaei/utilities.c:701:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "た");
data/gwaei-3.6.2/src/libwaei/utilities.c:703:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ち");
data/gwaei-3.6.2/src/libwaei/utilities.c:705:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "つ");
data/gwaei-3.6.2/src/libwaei/utilities.c:707:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "て");
data/gwaei-3.6.2/src/libwaei/utilities.c:709:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "と");
data/gwaei-3.6.2/src/libwaei/utilities.c:719:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "だ");
data/gwaei-3.6.2/src/libwaei/utilities.c:721:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぢ");
data/gwaei-3.6.2/src/libwaei/utilities.c:723:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "づ");
data/gwaei-3.6.2/src/libwaei/utilities.c:725:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "で");
data/gwaei-3.6.2/src/libwaei/utilities.c:727:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ど");
data/gwaei-3.6.2/src/libwaei/utilities.c:738:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "な");
data/gwaei-3.6.2/src/libwaei/utilities.c:740:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "に");
data/gwaei-3.6.2/src/libwaei/utilities.c:742:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぬ");
data/gwaei-3.6.2/src/libwaei/utilities.c:744:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ね");
data/gwaei-3.6.2/src/libwaei/utilities.c:746:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "の");
data/gwaei-3.6.2/src/libwaei/utilities.c:757:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "は");
data/gwaei-3.6.2/src/libwaei/utilities.c:759:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ひ");
data/gwaei-3.6.2/src/libwaei/utilities.c:761:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ふ");
data/gwaei-3.6.2/src/libwaei/utilities.c:763:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "へ");
data/gwaei-3.6.2/src/libwaei/utilities.c:765:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ほ");
data/gwaei-3.6.2/src/libwaei/utilities.c:775:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ば");
data/gwaei-3.6.2/src/libwaei/utilities.c:777:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "び");
data/gwaei-3.6.2/src/libwaei/utilities.c:779:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぶ");
data/gwaei-3.6.2/src/libwaei/utilities.c:781:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "べ");
data/gwaei-3.6.2/src/libwaei/utilities.c:783:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぼ");
data/gwaei-3.6.2/src/libwaei/utilities.c:793:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぱ");
data/gwaei-3.6.2/src/libwaei/utilities.c:795:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぴ");
data/gwaei-3.6.2/src/libwaei/utilities.c:797:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぷ");
data/gwaei-3.6.2/src/libwaei/utilities.c:799:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぺ");
data/gwaei-3.6.2/src/libwaei/utilities.c:801:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぽ");
data/gwaei-3.6.2/src/libwaei/utilities.c:812:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ま");
data/gwaei-3.6.2/src/libwaei/utilities.c:814:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "み");
data/gwaei-3.6.2/src/libwaei/utilities.c:816:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "む");
data/gwaei-3.6.2/src/libwaei/utilities.c:818:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "め");
data/gwaei-3.6.2/src/libwaei/utilities.c:820:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "も");
data/gwaei-3.6.2/src/libwaei/utilities.c:831:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "や");
data/gwaei-3.6.2/src/libwaei/utilities.c:833:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ゆ");
data/gwaei-3.6.2/src/libwaei/utilities.c:835:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "よ");
data/gwaei-3.6.2/src/libwaei/utilities.c:839:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ら");
data/gwaei-3.6.2/src/libwaei/utilities.c:841:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "り");
data/gwaei-3.6.2/src/libwaei/utilities.c:843:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "る");
data/gwaei-3.6.2/src/libwaei/utilities.c:845:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "れ");
data/gwaei-3.6.2/src/libwaei/utilities.c:847:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ろ");
data/gwaei-3.6.2/src/libwaei/utilities.c:858:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "わ");
data/gwaei-3.6.2/src/libwaei/utilities.c:864:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "を");
data/gwaei-3.6.2/src/libwaei/utilities.c:877:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぁ");
data/gwaei-3.6.2/src/libwaei/utilities.c:879:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぃ");
data/gwaei-3.6.2/src/libwaei/utilities.c:881:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぅ");
data/gwaei-3.6.2/src/libwaei/utilities.c:883:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぇ");
data/gwaei-3.6.2/src/libwaei/utilities.c:885:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ぉ");
data/gwaei-3.6.2/src/libwaei/utilities.c:899:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(output, "ー");
data/gwaei-3.6.2/src/libwaei/utilities.c:948:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  kana_ptr = &kana_ptr[strlen(kana_ptr)];
data/gwaei-3.6.2/src/libwaei/utilities.c:951:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (input_ptr != NULL && strlen (input_ptr) == 0);
data/gwaei-3.6.2/src/libwaei/utilities.c:1027:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ptr, " ", next - ptr);
data/gwaei-3.6.2/src/libwaei/utilities.c:1165:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = (char*) malloc(sizeof(char) * (strlen(string) * 2) + 1); //max size is if there is a delimitor for every character
data/gwaei-3.6.2/src/libwaei/utilities.c:1177:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(buffer_ptr, delimitor, strlen(delimitor)) == 0)
data/gwaei-3.6.2/src/libwaei/utilities.c:1188:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_ptr += strlen(delimitor);
data/gwaei-3.6.2/src/libwaei/utilities.c:1236:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = (char*) malloc(sizeof(char) * (strlen(string) * 2) + 1); //max size is if there is a delimitor for every character
data/gwaei-3.6.2/src/libwaei/utilities.c:1253:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_ptr += strlen(delimitor);
data/gwaei-3.6.2/src/libwaei/utilities.c:1306:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length += strlen (argv[i]) + 1;
data/gwaei-3.6.2/src/libwaei/utilities.c:1318:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(argv[i]);
data/gwaei-3.6.2/src/libwaei/utilities.c:1322:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(ptr, " ");
data/gwaei-3.6.2/src/libwaei/utilities.c:1323:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(" ");
data/gwaei-3.6.2/src/libwaei/utilities.c:1357:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_length += strlen (src_ptr);
data/gwaei-3.6.2/src/libwaei/utilities.c:1396:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = g_new (gchar, strlen(text) + 1);
data/gwaei-3.6.2/src/libwaei/utilities.c:1464:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  delimitor_length = strlen (DELIMITOR);
data/gwaei-3.6.2/src/libwaei/utilities.c:1480:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = g_new (gchar, strlen(TEXT) + (delimitor_length * count) + 1);
data/gwaei-3.6.2/src/libwaei/utilities.c:1526:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  delimitor_length = strlen(DELIMITOR);
data/gwaei-3.6.2/src/libwaei/utilities.c:1538:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = g_new (gchar, strlen(TEXT) + (delimitor_length * count) + 1);
data/gwaei-3.6.2/src/libwaei/utilities.c:1586:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  delimitor_length = strlen(DELIMITOR);
data/gwaei-3.6.2/src/libwaei/utilities.c:1601:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = g_new (gchar, strlen(TEXT) + (delimitor_length * count) + 1);
data/gwaei-3.6.2/src/libwaei/vocabulary.c:56:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  chars += strlen(name) + 1;
data/gwaei-3.6.2/src/libwaei/vocabulary.c:67:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(buffer, ";");
data/gwaei-3.6.2/src/libwaei/vocabulary.c:87:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_assert (NAME != NULL && strlen (NAME) > 0);
data/gwaei-3.6.2/src/libwaei/vocabulary.c:145:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (fgetc(stream) != '\n' && feof(stream) == 0);
data/gwaei-3.6.2/src/waei/console.c:188:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = strlen(filename); j < 20; j++) printf(" ");
data/gwaei-3.6.2/src/waei/console.c:229:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = strlen(filename); j < 20; j++) printf(" ");
data/gwaei-3.6.2/src/waei/include/waei/gettext.h:206:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/gwaei-3.6.2/src/waei/include/waei/gettext.h:207:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/gwaei-3.6.2/src/waei/include/waei/gettext.h:252:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/gwaei-3.6.2/src/waei/include/waei/gettext.h:253:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;

ANALYSIS SUMMARY:

Hits = 317
Lines analyzed = 43244 in approximately 0.88 seconds (49059 lines/second)
Physical Source Lines of Code (SLOC) = 29649
Hits@level = [0] 124 [1] 173 [2] 118 [3] 11 [4] 15 [5] 0
Hits@level+ = [0+] 441 [1+] 317 [2+] 144 [3+] 26 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 14.874 [1+] 10.6918 [2+] 4.85682 [3+] 0.876927 [4+] 0.505919 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.