Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout_journals.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibdefs.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibformats.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibl.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibl.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtextypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibutils.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bibutils.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bltypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bu_auth.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/bu_auth.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/charsets.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/charsets.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/copacin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/copactypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/ebiin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/endout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/endtypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/endxmlin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/entities.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/entities.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/fields.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/fields.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030_enumeration.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/generic.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/generic.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/intlist.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/intlist.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/is_ws.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/is_ws.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/isiin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/isiout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/isitypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/iso639_1.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/iso639_1.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/iso639_2.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/iso639_2.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/iso639_3.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/iso639_3.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/latex.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/latex.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/latex_parse.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/latex_parse.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/marc_auth.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/marc_auth.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/medin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/modsin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/modstypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/modstypes.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/name.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/name.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/nbibin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/nbibout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/nbibtypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/notes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/notes.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/pages.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/pages.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/reftypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/reftypes.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/risin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/risout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/ristypes.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/serialno.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/serialno.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/slist.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/slist.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/str.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/strsearch.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/strsearch.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/title.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/title.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/type.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/type.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/unicode.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/unicode.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/url.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/url.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/vplist.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/vplist.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/wordin.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/wordout.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/xml.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/xml.h
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/xml_encoding.c
Examining data/haskell-hs-bibutils-6.10.0.0/bibutils/xml_encoding.h
Examining data/haskell-hs-bibutils-6.10.0.0/cbits/stub.c

FINAL RESULTS:

data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:328:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outstr, "%02d/%s", month, str_cstr( year ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:913:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outfile,"%s.%s",(char*)fields_value(reffields,found,FIELDS_CHRP_NOUSE), suffix );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:914:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  } else sprintf( outfile,"%ld.%s",nref, suffix );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:922:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( outfile, "%s_%ld.%s", (char*)fields_value( reffields, found, FIELDS_CHRP_NOUSE ), count, suffix );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:923:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf( outfile,"%ld_%ld.%s", nref, count, suffix );
data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:509:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( date, "DATE:%s", date_element );
data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:513:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( partdate, "PARTDATE:%s", date_element );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:485:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( date, "DATE:%s", date_element );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:489:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( partdate, "PARTDATE:%s", date_element );
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:299:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( isdigit( (unsigned char)m[0] ) ) return atoi( m );
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:322:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outstr[1000];
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[6];
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:342:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%I64d", n );
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:344:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%lld", n );
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:477:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outstr[20], ch;
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:481:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( outstr, "..................." );
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:486:57:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( n!=FIELDS_NOTFOUND ) output_4digit_value( outstr, atoi( fields_value( in, n, FIELDS_CHRP ) ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:500:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( n!=FIELDS_NOTFOUND ) output_4digit_value( outstr+9, atoi( fields_value( in, n, FIELDS_CHRP ) ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256]="";
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:560:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:572:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "_%ld", i+1 );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:587:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, buf[100];
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:621:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "ref%ld", nref );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:898:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[2048];
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:899:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char suffix[5] = "xml";
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:903:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if ( mode==BIBL_ADSABSOUT ) strcpy( suffix, "ads" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:904:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if ( mode==BIBL_BIBTEXOUT ) strcpy( suffix, "bib" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:905:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if ( mode==BIBL_ENDNOTEOUT ) strcpy( suffix, "end" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:906:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if ( mode==BIBL_ISIOUT ) strcpy( suffix, "isi" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:907:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if ( mode==BIBL_MODSOUT ) strcpy( suffix, "xml" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:908:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if ( mode==BIBL_RISOUT ) strcpy( suffix, "ris" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:909:39:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else if ( mode==BIBL_WORD2007OUT ) strcpy( suffix, "xml" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:916:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen( outfile, "r" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:924:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen( outfile, "r" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibcore.c:926:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen( outfile, "w" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *typenames[ NUM_TYPES ] = {
data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:506:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[100], partdate[100];
data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:523:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:540:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  month = atoi( fields_value( in, n, FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *typenames[ NUM_TYPES ] = {
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char date[100], partdate[100];
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:499:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *months[12] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:516:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  month = atoi( fields_value( in, n, FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/charsets.c:25:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdname[15];
data/haskell-hs-bibutils-6.10.0.0/bibutils/charsets.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char descriptname[200];
data/haskell-hs-bibutils-6.10.0.0/bibutils/charsets.c:27:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aliases[CHARSET_NALIASES][25];
data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c:398:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *month1[12]={
data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *month2[12]={
data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c:424:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( out, "%d", found+1 );
data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c:426:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( out, "0%d", found+1 );
data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c:434:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tags[3][2] = {
data/haskell-hs-bibutils-6.10.0.0/bibutils/endin.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char month[10], *m;
data/haskell-hs-bibutils-6.10.0.0/bibutils/endout.c:521:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *months[12] = { "January", "February", "March", "April",
data/haskell-hs-bibutils-6.10.0.0/bibutils/endout.c:533:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  m = atoi( month );
data/haskell-hs-bibutils-6.10.0.0/bibutils/entities.c:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char html[20];
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:34:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  gb18030_unicode_table_lookup( unsigned int unicode, unsigned char out[4] )
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:76:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  gb18030_unicode_range_lookup( unsigned int unicode, unsigned char out[4] )
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:128:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  gb18030_encode( unsigned int unicode, unsigned char out[4] )
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:149:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char uc[4];
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:151:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uc[0] = ( unsigned char ) s[i];
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:159:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uc[1] = ( unsigned char ) s[i+1];
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:160:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uc[2] = ( unsigned char ) s[i+2];
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.c:161:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uc[3]= ( unsigned char ) s[i+3];
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030.h:12:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern int gb18030_encode( unsigned int unicode, unsigned char out[4] );
data/haskell-hs-bibutils-6.10.0.0/bibutils/gb18030_enumeration.c:5:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[4];
data/haskell-hs-bibutils-6.10.0.0/bibutils/isiin.c:80:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ( !isupper( (unsigned char )buf[0] ) ) return 0;
data/haskell-hs-bibutils-6.10.0.0/bibutils/isiin.c:81:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/haskell-hs-bibutils-6.10.0.0/bibutils/isiin.c:81:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsin.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *titletag[2][2] = {
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c:387:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  find_datepos( fields *f, int level, unsigned char use_altnames, int datepos[NUM_DATE_TYPES] )
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c:448:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf( outptr, "%s", (char *) fields_value( f, pos[i], FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c:459:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf( outptr, "%s", (char *) fields_value( f, pos[ DATE_ALL ], FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c:665:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf( outptr, "%s", (char *) fields_value( f, parts[0].pos, FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c:669:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf( outptr, "-%s", (char *) fields_value( f, parts[1].pos, FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/modsout.c:675:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  fprintf( outptr, "-%s", (char *) fields_value( f, parts[2].pos, FIELDS_CHRP ) );
data/haskell-hs-bibutils-6.10.0.0/bibutils/name.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8s[7];
data/haskell-hs-bibutils-6.10.0.0/bibutils/reftypes.h:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[25];
data/haskell-hs-bibutils-6.10.0.0/bibutils/risin.c:93:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ( !isupper( (unsigned char )buf[0] ) ) return 0;
data/haskell-hs-bibutils-6.10.0.0/bibutils/risin.c:94:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/haskell-hs-bibutils-6.10.0.0/bibutils/risin.c:94:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if ( !( isupper( (unsigned char )buf[1] ) || isdigit( (unsigned char )buf[1] ) ) ) return 0;
data/haskell-hs-bibutils-6.10.0.0/bibutils/risout.c:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *typenames[ NUM_TYPES ] = {
data/haskell-hs-bibutils-6.10.0.0/bibutils/risout.c:337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *typenames[ NUM_TYPES ] = {
data/haskell-hs-bibutils-6.10.0.0/bibutils/slist.c:741:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen( filename, "r" );
data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:631:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char empty[2] = "";
data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.c:27:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "&#%u;", ch ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.c:54:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char code[6]; data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.c:69:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char code[4]; data/haskell-hs-bibutils-6.10.0.0/bibutils/str_conv.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:25:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. utf8_build( unsigned int value, unsigned char out[6], int in_pos, int out_pos ) data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:49:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
utf8_encode( unsigned int value, unsigned char out[6] ) data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:85:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. utf8_encode_str( unsigned int value, char outstr[7] ) data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:87:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char encoded[6]; data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:91:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. outstr[i] = ( char ) encoded[i]; data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:146:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char code[6]; data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:172:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char emdash[3] = { -30, -128, -108 }; data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.c:184:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char endash[3] = { -30, -128, -109 }; data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.h:14:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int utf8_encode( unsigned int value, unsigned char out[6] ); data/haskell-hs-bibutils-6.10.0.0/bibutils/utf8.h:15:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void utf8_encode_str( unsigned int value, char outstr[7] ); data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:346:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if ( n < 10 ) strncpy( pos+3, buf, 1 ); data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:347:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). else if ( n < 100 ) strncpy( pos+2, buf, 2 ); data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:348:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
else if ( n < 1000 ) strncpy( pos+1, buf, 3 ); data/haskell-hs-bibutils-6.10.0.0/bibutils/adsout.c:349:23: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). else strncpy( pos, buf, 4 ); data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:833:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (value) ? strlen( value ) : 0; data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:853:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( tag ); data/haskell-hs-bibutils-6.10.0.0/bibutils/biblatexout.c:863:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( value ); data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexin.c:1058:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen( p ) - 1; data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:797:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (value) ? strlen( value ) : 0; data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:817:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen( tag ); data/haskell-hs-bibutils-6.10.0.0/bibutils/bibtexout.c:827:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( value ); data/haskell-hs-bibutils-6.10.0.0/bibutils/entities.c:293:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( e ); data/haskell-hs-bibutils-6.10.0.0/bibutils/nbibin.c:176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ( inref && strlen( p ) >= 6 ) { data/haskell-hs-bibutils-6.10.0.0/bibutils/nbibin.c:400:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( outtag ) > 0 ) { data/haskell-hs-bibutils-6.10.0.0/bibutils/reftypes.c:25:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( !strncasecmp( all[i].type, p, strlen(all[i].type) ) ) data/haskell-hs-bibutils-6.10.0.0/bibutils/risout.c:561:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen( scheme[i] ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:358:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
lenaddstr = strlen( addstr ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:369:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( s->data, addstr, lenaddstr ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:389:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat( &(s->data[s->len]), addstr, n ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:407:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen( from ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:498:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( s->data, p, n ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:518:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen( from ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:643:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). find_len = strlen( find ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:644:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rep_len = strlen( replace ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:650:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
curr_len = strlen(s->data); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:1036:8: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc( fp ); data/haskell-hs-bibutils-6.10.0.0/bibutils/str.c:1043:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc( fp ); data/haskell-hs-bibutils-6.10.0.0/bibutils/url.c:102:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patlen = strlen( pattern ); data/haskell-hs-bibutils-6.10.0.0/bibutils/url.c:103:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( s ) < patlen ) return 0; /* too short */ data/haskell-hs-bibutils-6.10.0.0/bibutils/wordout.c:302:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( mainttl[ strlen( mainttl ) - 1 ] != '?' ) data/haskell-hs-bibutils-6.10.0.0/bibutils/xml.c:324:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( node->tag.len!=strlen( tag ) ) return 0; ANALYSIS SUMMARY: Hits = 130 Lines analyzed = 110361 in approximately 4.22 seconds (26152 lines/second) Physical Source Lines of Code (SLOC) = 103872 Hits@level = [0] 345 [1] 31 [2] 90 [3] 0 [4] 9 [5] 0 Hits@level+ = [0+] 475 [1+] 130 [2+] 99 [3+] 9 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 4.57294 [1+] 1.25154 [2+] 0.953096 [3+] 0.0866451 [4+] 0.0866451 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.