Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/imgui-1.79+ds/examples/example_allegro5/imconfig_allegro5.h
Examining data/imgui-1.79+ds/examples/example_allegro5/main.cpp
Examining data/imgui-1.79+ds/examples/example_apple_metal/Shared/AppDelegate.h
Examining data/imgui-1.79+ds/examples/example_apple_metal/Shared/Renderer.h
Examining data/imgui-1.79+ds/examples/example_apple_metal/Shared/ViewController.h
Examining data/imgui-1.79+ds/examples/example_emscripten/main.cpp
Examining data/imgui-1.79+ds/examples/example_glfw_opengl2/main.cpp
Examining data/imgui-1.79+ds/examples/example_glfw_opengl3/main.cpp
Examining data/imgui-1.79+ds/examples/example_glfw_vulkan/main.cpp
Examining data/imgui-1.79+ds/examples/example_glut_opengl2/main.cpp
Examining data/imgui-1.79+ds/examples/example_marmalade/main.cpp
Examining data/imgui-1.79+ds/examples/example_null/main.cpp
Examining data/imgui-1.79+ds/examples/example_sdl_directx11/main.cpp
Examining data/imgui-1.79+ds/examples/example_sdl_opengl2/main.cpp
Examining data/imgui-1.79+ds/examples/example_sdl_opengl3/main.cpp
Examining data/imgui-1.79+ds/examples/example_sdl_vulkan/main.cpp
Examining data/imgui-1.79+ds/examples/example_win32_directx10/main.cpp
Examining data/imgui-1.79+ds/examples/example_win32_directx11/main.cpp
Examining data/imgui-1.79+ds/examples/example_win32_directx12/main.cpp
Examining data/imgui-1.79+ds/examples/example_win32_directx9/main.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_allegro5.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_allegro5.h
Examining data/imgui-1.79+ds/examples/imgui_impl_dx10.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_dx10.h
Examining data/imgui-1.79+ds/examples/imgui_impl_dx11.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_dx11.h
Examining data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_dx12.h
Examining data/imgui-1.79+ds/examples/imgui_impl_dx9.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_dx9.h
Examining data/imgui-1.79+ds/examples/imgui_impl_glfw.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_glfw.h
Examining data/imgui-1.79+ds/examples/imgui_impl_glut.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_glut.h
Examining data/imgui-1.79+ds/examples/imgui_impl_marmalade.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_marmalade.h
Examining data/imgui-1.79+ds/examples/imgui_impl_metal.h
Examining data/imgui-1.79+ds/examples/imgui_impl_opengl2.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_opengl2.h
Examining data/imgui-1.79+ds/examples/imgui_impl_opengl3.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_opengl3.h
Examining data/imgui-1.79+ds/examples/imgui_impl_osx.h
Examining data/imgui-1.79+ds/examples/imgui_impl_sdl.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_sdl.h
Examining data/imgui-1.79+ds/examples/imgui_impl_vulkan.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_vulkan.h
Examining data/imgui-1.79+ds/examples/imgui_impl_win32.cpp
Examining data/imgui-1.79+ds/examples/imgui_impl_win32.h
Examining data/imgui-1.79+ds/imconfig.h
Examining data/imgui-1.79+ds/imgui.cpp
Examining data/imgui-1.79+ds/imgui.h
Examining data/imgui-1.79+ds/imgui_demo.cpp
Examining data/imgui-1.79+ds/imgui_draw.cpp
Examining data/imgui-1.79+ds/imgui_internal.h
Examining data/imgui-1.79+ds/imgui_widgets.cpp
Examining data/imgui-1.79+ds/imstb_rectpack.h
Examining data/imgui-1.79+ds/imstb_textedit.h
Examining data/imgui-1.79+ds/imstb_truetype.h
Examining data/imgui-1.79+ds/misc/cpp/imgui_stdlib.cpp
Examining data/imgui-1.79+ds/misc/cpp/imgui_stdlib.h
Examining data/imgui-1.79+ds/misc/freetype/imgui_freetype.cpp
Examining data/imgui-1.79+ds/misc/freetype/imgui_freetype.h
Examining data/imgui-1.79+ds/misc/single_file/imgui_single_file.h
FINAL RESULTS:
data/imgui-1.79+ds/examples/imgui_impl_opengl3.cpp:182:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(g_GlslVersionString, glsl_version);
data/imgui-1.79+ds/imgui.cpp:1364:35: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#if defined(_MSC_VER) && !defined(vsnprintf)
data/imgui-1.79+ds/imgui.cpp:1365:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/imgui-1.79+ds/imgui.cpp:1375:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int w = vsnprintf(buf, buf_size, fmt, args);
data/imgui-1.79+ds/imgui.cpp:1391:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int w = vsnprintf(buf, buf_size, fmt, args);
data/imgui-1.79+ds/imgui.h:82:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define IM_FMTARGS(FMT) __attribute__((format(printf, FMT, FMT+1))) // To apply printf-style warnings to our functions.
data/imgui-1.79+ds/imgui.h:83:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define IM_FMTLIST(FMT) __attribute__((format(printf, FMT, 0)))
data/imgui-1.79+ds/imgui_demo.cpp:120:35: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#if defined(_MSC_VER) && !defined(snprintf)
data/imgui-1.79+ds/imgui_demo.cpp:121:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/imgui-1.79+ds/imgui_demo.cpp:121:21: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/imgui-1.79+ds/imgui_demo.cpp:123:35: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#if defined(_MSC_VER) && !defined(vsnprintf)
data/imgui-1.79+ds/imgui_demo.cpp:124:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/imgui-1.79+ds/imgui_demo.cpp:3065:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Button: %s###Button", name); // ### operator override ID ignoring the preceding label
data/imgui-1.79+ds/imgui_demo.cpp:3570:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "Mouse cursor %d: %s", i, mouse_cursors_names[i]);
data/imgui-1.79+ds/imgui_demo.cpp:4267:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, IM_ARRAYSIZE(buf), fmt, args);
data/imgui-1.79+ds/imgui_demo.cpp:5360:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Save %s", doc->Name);
data/imgui-1.79+ds/imgui_internal.h:161:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define IMGUI_DEBUG_LOG(_FMT,...) printf("[%05d] " _FMT, GImGui->FrameCount, __VA_ARGS__)
data/imgui-1.79+ds/imgui_widgets.cpp:1878:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (op && sscanf(initial_value_buf, format, &arg0i) < 1)
data/imgui-1.79+ds/imgui_widgets.cpp:1884:35: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
else { if (sscanf(buf, format, &arg1i) == 1) *v = arg1i; } // Assign constant
data/imgui-1.79+ds/imgui_widgets.cpp:1892:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (op && sscanf(initial_value_buf, format, &arg0f) < 1)
data/imgui-1.79+ds/imgui_widgets.cpp:1894:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(buf, format, &arg1f) < 1)
data/imgui-1.79+ds/imgui_widgets.cpp:1906:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (op && sscanf(initial_value_buf, format, &arg0f) < 1)
data/imgui-1.79+ds/imgui_widgets.cpp:1908:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(buf, format, &arg1f) < 1)
data/imgui-1.79+ds/imgui_widgets.cpp:1919:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(buf, format, p_data);
data/imgui-1.79+ds/imgui_widgets.cpp:1925:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(buf, format, &v32);
data/imgui-1.79+ds/examples/example_glfw_vulkan/main.cpp:83:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extensions_ext, extensions, extensions_count * sizeof(const char*));
data/imgui-1.79+ds/examples/example_glfw_vulkan/main.cpp:522:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wd->ClearValue.color.float32[0], &clear_color, 4 * sizeof(float));
data/imgui-1.79+ds/examples/example_sdl_vulkan/main.cpp:75:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extensions_ext, extensions, extensions_count * sizeof(const char*));
data/imgui-1.79+ds/examples/example_sdl_vulkan/main.cpp:523:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wd->ClearValue.color.float32[0], &clear_color, 4 * sizeof(float));
data/imgui-1.79+ds/examples/imgui_impl_allegro5.cpp:200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(locked_img->data, pixels, sizeof(int) * width * height);
data/imgui-1.79+ds/examples/imgui_impl_dx10.cpp:140:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtx_dst, cmd_list->VtxBuffer.Data, cmd_list->VtxBuffer.Size * sizeof(ImDrawVert));
data/imgui-1.79+ds/examples/imgui_impl_dx10.cpp:141:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_dst, cmd_list->IdxBuffer.Data, cmd_list->IdxBuffer.Size * sizeof(ImDrawIdx));
data/imgui-1.79+ds/examples/imgui_impl_dx10.cpp:166:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&constant_buffer->mvp, mvp, sizeof(mvp));
data/imgui-1.79+ds/examples/imgui_impl_dx11.cpp:146:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtx_dst, cmd_list->VtxBuffer.Data, cmd_list->VtxBuffer.Size * sizeof(ImDrawVert));
data/imgui-1.79+ds/examples/imgui_impl_dx11.cpp:147:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_dst, cmd_list->IdxBuffer.Data, cmd_list->IdxBuffer.Size * sizeof(ImDrawIdx));
data/imgui-1.79+ds/examples/imgui_impl_dx11.cpp:172:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&constant_buffer->mvp, mvp, sizeof(mvp));
data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vertex_constant_buffer.mvp, mvp, sizeof(mvp));
data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp:204:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtx_dst, cmd_list->VtxBuffer.Data, cmd_list->VtxBuffer.Size * sizeof(ImDrawVert));
data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp:205:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_dst, cmd_list->IdxBuffer.Data, cmd_list->IdxBuffer.Size * sizeof(ImDrawIdx));
data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp:314:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*) ((uintptr_t) mapped + y * uploadPitch), pixels + y * width * 4, width * 4);
data/imgui-1.79+ds/examples/imgui_impl_dx9.cpp:164:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_dst, cmd_list->IdxBuffer.Data, cmd_list->IdxBuffer.Size * sizeof(ImDrawIdx));
data/imgui-1.79+ds/examples/imgui_impl_dx9.cpp:253:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((unsigned char*)tex_locked_rect.pBits + tex_locked_rect.Pitch * y, pixels + (width * bytes_per_pixel) * y, (width * bytes_per_pixel));
data/imgui-1.79+ds/examples/imgui_impl_opengl3.cpp:138:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_GlslVersionString[32] = ""; // Specified by user or detected based on compile time GL settings.
data/imgui-1.79+ds/examples/imgui_impl_vulkan.cpp:363:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vtx_dst, cmd_list->VtxBuffer.Data, cmd_list->VtxBuffer.Size * sizeof(ImDrawVert));
data/imgui-1.79+ds/examples/imgui_impl_vulkan.cpp:364:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idx_dst, cmd_list->IdxBuffer.Data, cmd_list->IdxBuffer.Size * sizeof(ImDrawIdx));
data/imgui-1.79+ds/examples/imgui_impl_vulkan.cpp:540:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map, pixels, upload_size);
data/imgui-1.79+ds/imgui.cpp:1260:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (char*)memcpy(buf, (const void*)str, len + 1);
data/imgui-1.79+ds/imgui.cpp:1274:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return (char*)memcpy(dst, (const void*)src, src_size);
data/imgui-1.79+ds/imgui.cpp:1484:34: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
const int filename_wsize = ::MultiByteToWideChar(CP_UTF8, 0, filename, -1, NULL, 0);
data/imgui-1.79+ds/imgui.cpp:1485:30: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
const int mode_wsize = ::MultiByteToWideChar(CP_UTF8, 0, mode, -1, NULL, 0);
data/imgui-1.79+ds/imgui.cpp:1488:7: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
::MultiByteToWideChar(CP_UTF8, 0, filename, -1, (wchar_t*)&buf[0], filename_wsize);
data/imgui-1.79+ds/imgui.cpp:1489:7: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
::MultiByteToWideChar(CP_UTF8, 0, mode, -1, (wchar_t*)&buf[filename_wsize], mode_wsize);
data/imgui-1.79+ds/imgui.cpp:1492:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(filename, mode);
data/imgui-1.79+ds/imgui.cpp:2092:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&Buf[write_off - 1], str, (size_t)len);
data/imgui-1.79+ds/imgui.cpp:3840:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g.IO.KeysDownDurationPrev, g.IO.KeysDownDuration, sizeof(g.IO.KeysDownDuration));
data/imgui-1.79+ds/imgui.cpp:4151:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&Layers[0][n], &layer[0], layer.Size * sizeof(ImDrawList*));
data/imgui-1.79+ds/imgui.cpp:4775:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/imgui-1.79+ds/imgui.cpp:7635:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char window_name[16];
data/imgui-1.79+ds/imgui.cpp:7897:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/imgui-1.79+ds/imgui.cpp:8299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/imgui-1.79+ds/imgui.cpp:8643:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(io.NavInputsDownDurationPrev, io.NavInputsDownDuration, sizeof(io.NavInputsDownDuration));
data/imgui-1.79+ds/imgui.cpp:8874:141: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (1) { ImU32 col = (!g.NavWindow->Hidden) ? IM_COL32(255,0,255,255) : IM_COL32(255,0,0,255); ImVec2 p = NavCalcPreferredRefPos(); char buf[32]; ImFormatString(buf, 32, "%d", g.NavLayer); draw_list->AddCircleFilled(p, 3.0f, col); draw_list->AddText(NULL, 13.0f, p + ImVec2(8,-4), col, buf); }
data/imgui-1.79+ds/imgui.cpp:9473:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload.Data, data, data_size);
data/imgui-1.79+ds/imgui.cpp:9480:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(payload.Data, data, data_size);
data/imgui-1.79+ds/imgui.cpp:9903:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(settings->GetName(), name, name_len + 1); // Store with zero terminator
data/imgui-1.79+ds/imgui.cpp:9968:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ini_data, ini_size);
data/imgui-1.79+ds/imgui.cpp:10016:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ini_data, ini_size);
data/imgui-1.79+ds/imgui.cpp:10189:31: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
const int wbuf_length = ::MultiByteToWideChar(CP_UTF8, 0, text, -1, NULL, 0);
data/imgui-1.79+ds/imgui.cpp:10197:7: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
::MultiByteToWideChar(CP_UTF8, 0, text, -1, wbuf_global, wbuf_length);
data/imgui-1.79+ds/imgui.cpp:10273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&g.ClipboardHandlerData[0], text, (size_t)(text_end - text));
data/imgui-1.79+ds/imgui.cpp:10447:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/imgui-1.79+ds/imgui.cpp:10544:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open)
data/imgui-1.79+ds/imgui.cpp:10588:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/imgui-1.79+ds/imgui.cpp:10604:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open)
data/imgui-1.79+ds/imgui.cpp:10814:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/imgui-1.79+ds/imgui.h:1403:90: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
inline ImVector<T>& operator=(const ImVector<T>& src) { clear(); resize(src.Size); memcpy(Data, src.Data, (size_t)Size * sizeof(T)); return *this; }
data/imgui-1.79+ds/imgui.h:1427:182: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
inline void resize(int new_size, const T& v) { if (new_size > Capacity) reserve(_grow_capacity(new_size)); if (new_size > Size) for (int n = Size; n < new_size; n++) memcpy(&Data[n], &v, sizeof(v)); Size = new_size; }
data/imgui-1.79+ds/imgui.h:1429:175: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
inline void reserve(int new_capacity) { if (new_capacity <= Capacity) return; T* new_data = (T*)IM_ALLOC((size_t)new_capacity * sizeof(T)); if (Data) { memcpy(new_data, Data, (size_t)Size * sizeof(T)); IM_FREE(Data); } Data = new_data; Capacity = new_capacity; }
data/imgui-1.79+ds/imgui.h:1432:120: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
inline void push_back(const T& v) { if (Size == Capacity) reserve(_grow_capacity(Size + 1)); memcpy(&Data[Size], &v, sizeof(v)); Size++; }
data/imgui-1.79+ds/imgui.h:1437:166: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
inline T* erase_unsorted(const T* it) { IM_ASSERT(it >= Data && it < Data + Size); const ptrdiff_t off = it - Data; if (it < Data + Size - 1) memcpy(Data + off, Data + Size - 1, sizeof(T)); Size--; return Data + off; }
data/imgui-1.79+ds/imgui.h:1438:297: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
inline T* insert(const T* it, const T& v) { IM_ASSERT(it >= Data && it <= Data + Size); const ptrdiff_t off = it - Data; if (Size == Capacity) reserve(_grow_capacity(Size + 1)); if (off < (int)Size) memmove(Data + off + 1, Data + off, ((size_t)Size - (size_t)off) * sizeof(T)); memcpy(&Data[off], &v, sizeof(v)); Size++; return Data + off; }
data/imgui-1.79+ds/imgui.h:1706:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DataType[32 + 1]; // Data type tag (short user-supplied string, 32 characters max)
data/imgui-1.79+ds/imgui.h:1747:50: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static inline void SetNextTreeNodeOpen(bool open, ImGuiCond cond = 0) { SetNextItemOpen(open, cond); }
data/imgui-1.79+ds/imgui.h:1747:94: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static inline void SetNextTreeNodeOpen(bool open, ImGuiCond cond = 0) { SetNextItemOpen(open, cond); }
data/imgui-1.79+ds/imgui.h:1811:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InputBuf[256];
data/imgui-1.79+ds/imgui.h:1821:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
IMGUI_API static char EmptyString[1];
data/imgui-1.79+ds/imgui.h:2253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Name[40]; // Name (strictly to ease debugging)
data/imgui-1.79+ds/imgui_demo.cpp:571:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str0[128] = "Hello, world!";
data/imgui-1.79+ds/imgui_demo.cpp:586:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str1[128] = "";
data/imgui-1.79+ds/imgui_demo.cpp:887:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32] = "\xe6\x97\xa5\xe6\x9c\xac\xe8\xaa\x9e";
data/imgui-1.79+ds/imgui_demo.cpp:1042:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/imgui-1.79+ds/imgui_demo.cpp:1043:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Object %d", n);
data/imgui-1.79+ds/imgui_demo.cpp:1055:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/imgui-1.79+ds/imgui_demo.cpp:1056:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Object %d", n);
data/imgui-1.79+ds/imgui_demo.cpp:1082:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32]; sprintf(label, "Item %d", i);
data/imgui-1.79+ds/imgui_demo.cpp:1082:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
char label[32]; sprintf(label, "Item %d", i);
data/imgui-1.79+ds/imgui_demo.cpp:1091:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char selected[4][4] = { { 1, 0, 0, 0 }, { 0, 1, 0, 0 }, { 0, 0, 1, 0 }, { 0, 0, 0, 1 } };
data/imgui-1.79+ds/imgui_demo.cpp:1133:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/imgui-1.79+ds/imgui_demo.cpp:1134:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "(%.1f,%.1f)", alignment.x, alignment.y);
data/imgui-1.79+ds/imgui_demo.cpp:1154:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[1024 * 16] =
data/imgui-1.79+ds/imgui_demo.cpp:1188:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf1[64] = ""; ImGui::InputText("default", buf1, 64);
data/imgui-1.79+ds/imgui_demo.cpp:1189:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[64] = ""; ImGui::InputText("decimal", buf2, 64, ImGuiInputTextFlags_CharsDecimal);
data/imgui-1.79+ds/imgui_demo.cpp:1190:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf3[64] = ""; ImGui::InputText("hexadecimal", buf3, 64, ImGuiInputTextFlags_CharsHexadecimal | ImGuiInputTextFlags_CharsUppercase);
data/imgui-1.79+ds/imgui_demo.cpp:1191:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf4[64] = ""; ImGui::InputText("uppercase", buf4, 64, ImGuiInputTextFlags_CharsUppercase);
data/imgui-1.79+ds/imgui_demo.cpp:1192:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf5[64] = ""; ImGui::InputText("no blank", buf5, 64, ImGuiInputTextFlags_CharsNoBlank);
data/imgui-1.79+ds/imgui_demo.cpp:1193:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf6[64] = ""; ImGui::InputText("\"imgui\" letters", buf6, 64, ImGuiInputTextFlags_CallbackCharFilter, TextFilters::FilterImGuiLetters);
data/imgui-1.79+ds/imgui_demo.cpp:1199:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char password[64] = "password123";
data/imgui-1.79+ds/imgui_demo.cpp:1246:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf1[64];
data/imgui-1.79+ds/imgui_demo.cpp:1250:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[64];
data/imgui-1.79+ds/imgui_demo.cpp:1254:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf3[64];
data/imgui-1.79+ds/imgui_demo.cpp:1343:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char overlay[32];
data/imgui-1.79+ds/imgui_demo.cpp:1344:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(overlay, "avg %f", average);
data/imgui-1.79+ds/imgui_demo.cpp:1384:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/imgui-1.79+ds/imgui_demo.cpp:1385:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d/%d", (int)(progress_saturated * 1753), 1753);
data/imgui-1.79+ds/imgui_demo.cpp:1480:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((float*)&saved_palette[n], payload->Data, sizeof(float) * 3);
data/imgui-1.79+ds/imgui_demo.cpp:1482:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((float*)&saved_palette[n], payload->Data, sizeof(float) * 4);
data/imgui-1.79+ds/imgui_demo.cpp:1949:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[16] = {};
data/imgui-1.79+ds/imgui_demo.cpp:2125:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/imgui-1.79+ds/imgui_demo.cpp:2126:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%03d", i);
data/imgui-1.79+ds/imgui_demo.cpp:2411:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/imgui-1.79+ds/imgui_demo.cpp:2413:52: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ImGui::BeginTabItem(name, &open, ImGuiTabItemFlags_None))
data/imgui-1.79+ds/imgui_demo.cpp:2419:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open)
data/imgui-1.79+ds/imgui_demo.cpp:2737:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_buf[16];
data/imgui-1.79+ds/imgui_demo.cpp:2738:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num_buf, "%d", n);
data/imgui-1.79+ds/imgui_demo.cpp:2831:62: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ImGui::CollapsingHeader("CollapsingHeader", &open);
data/imgui-1.79+ds/imgui_demo.cpp:3063:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[32] = "Label1";
data/imgui-1.79+ds/imgui_demo.cpp:3064:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/imgui-1.79+ds/imgui_demo.cpp:3200:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/imgui-1.79+ds/imgui_demo.cpp:3201:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "Item %d", n);
data/imgui-1.79+ds/imgui_demo.cpp:3222:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/imgui-1.79+ds/imgui_demo.cpp:3223:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "%04d", i);
data/imgui-1.79+ds/imgui_demo.cpp:3475:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32] = "hello";
data/imgui-1.79+ds/imgui_demo.cpp:3493:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128] = "click on a button to set focus";
data/imgui-1.79+ds/imgui_demo.cpp:3569:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[32];
data/imgui-1.79+ds/imgui_demo.cpp:4217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InputBuf[256];
data/imgui-1.79+ds/imgui_demo.cpp:4251:151: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static char* Strdup(const char* s) { size_t len = strlen(s) + 1; void* buf = malloc(len); IM_ASSERT(buf); return (char*)memcpy(buf, (const void*)s, len); }
data/imgui-1.79+ds/imgui_demo.cpp:4264:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/imgui-1.79+ds/imgui_demo.cpp:4751:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[128];
data/imgui-1.79+ds/imgui_demo.cpp:4752:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(label, "MyObject %d", i);
data/imgui-1.79+ds/imgui_demo.cpp:5072:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/imgui-1.79+ds/imgui_demo.cpp:5073:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Animated title %c %d###AnimatedTitle", "|/-\\"[(int)(ImGui::GetTime() / 0.25f) & 3], ImGui::GetFrameCount());
data/imgui-1.79+ds/imgui_demo.cpp:5326:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Open = OpenPrev = open;
data/imgui-1.79+ds/imgui_demo.cpp:5359:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/imgui-1.79+ds/imgui_draw.cpp:467:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define ImDrawCmd_HeaderCopy(CMD_DST, CMD_SRC) (memcpy(CMD_DST, CMD_SRC, ImDrawCmd_HeaderSize)) // Copy ClipRect, TextureId, VtxOffset
data/imgui-1.79+ds/imgui_draw.cpp:1511:44: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (int sz = ch._CmdBuffer.Size) { memcpy(cmd_write, ch._CmdBuffer.Data, sz * sizeof(ImDrawCmd)); cmd_write += sz; }
data/imgui-1.79+ds/imgui_draw.cpp:1512:44: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (int sz = ch._IdxBuffer.Size) { memcpy(idx_write, ch._IdxBuffer.Data, sz * sizeof(ImDrawIdx)); idx_write += sz; }
data/imgui-1.79+ds/imgui_draw.cpp:1537:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_Channels.Data[_Current]._CmdBuffer, &draw_list->CmdBuffer, sizeof(draw_list->CmdBuffer));
data/imgui-1.79+ds/imgui_draw.cpp:1538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_Channels.Data[_Current]._IdxBuffer, &draw_list->IdxBuffer, sizeof(draw_list->IdxBuffer));
data/imgui-1.79+ds/imgui_draw.cpp:1679:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char FONT_ATLAS_DEFAULT_TEX_DATA_PIXELS[FONT_ATLAS_DEFAULT_TEX_DATA_W * FONT_ATLAS_DEFAULT_TEX_DATA_H + 1] =
data/imgui-1.79+ds/imgui_draw.cpp:1853:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_font_cfg.FontData, font_cfg->FontData, (size_t)new_font_cfg.FontDataSize);
data/imgui-1.79+ds/imgui_draw.cpp:2024:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ImFontAtlasBuildMultiplyCalcLookupTable(unsigned char out_table[256], float in_brighten_factor)
data/imgui-1.79+ds/imgui_draw.cpp:2033:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ImFontAtlasBuildMultiplyRectAlpha8(const unsigned char table[256], unsigned char* pixels, int x, int y, int w, int h, int stride)
data/imgui-1.79+ds/imgui_draw.cpp:2273:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char multiply_table[256];
data/imgui-1.79+ds/imgui_draw.cpp:2617:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_ranges, base_ranges, sizeof(base_ranges));
data/imgui-1.79+ds/imgui_draw.cpp:2675:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_ranges, base_ranges, sizeof(base_ranges));
data/imgui-1.79+ds/imgui_draw.cpp:3611:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stb__dout, data, length);
data/imgui-1.79+ds/imgui_draw.cpp:3711:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char proggy_clean_ttf_compressed_data_base85[11980 + 1] =
data/imgui-1.79+ds/imgui_internal.h:1265:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char DragDropPayloadBufLocal[16]; // Local buffer for small payloads
data/imgui-1.79+ds/imgui_internal.h:1327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TempBuffer[1024 * 3 + 1]; // Temporary text buffer
data/imgui-1.79+ds/imgui_internal.h:2054:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
IMGUI_API void ImFontAtlasBuildMultiplyCalcLookupTable(unsigned char out_table[256], float in_multiply_factor);
data/imgui-1.79+ds/imgui_internal.h:2055:79: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
IMGUI_API void ImFontAtlasBuildMultiplyRectAlpha8(const unsigned char table[256], unsigned char* pixels, int x, int y, int w, int h, int stride);
data/imgui-1.79+ds/imgui_widgets.cpp:1211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char overlay_buf[32];
data/imgui-1.79+ds/imgui_widgets.cpp:1576:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/imgui-1.79+ds/imgui_widgets.cpp:1866:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_backup, p_data, type_info->Size);
data/imgui-1.79+ds/imgui_widgets.cpp:2025:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v_str[64];
data/imgui-1.79+ds/imgui_widgets.cpp:2276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_buf[64];
data/imgui-1.79+ds/imgui_widgets.cpp:2888:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_buf[64];
data/imgui-1.79+ds/imgui_widgets.cpp:3035:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value_buf[64];
data/imgui-1.79+ds/imgui_widgets.cpp:3203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_buf[32];
data/imgui-1.79+ds/imgui_widgets.cpp:3204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_buf[32];
data/imgui-1.79+ds/imgui_widgets.cpp:3217:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_backup, p_data, data_type_size);
data/imgui-1.79+ds/imgui_widgets.cpp:3250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/imgui-1.79+ds/imgui_widgets.cpp:3370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16] = "%f";
data/imgui-1.79+ds/imgui_widgets.cpp:3378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16] = "%f";
data/imgui-1.79+ds/imgui_widgets.cpp:3386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16] = "%f";
data/imgui-1.79+ds/imgui_widgets.cpp:3394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[16] = "%f";
data/imgui-1.79+ds/imgui_widgets.cpp:3586:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text + pos, new_text, (size_t)new_text_len * sizeof(ImWchar));
data/imgui-1.79+ds/imgui_widgets.cpp:3692:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Buf + pos, new_text, (size_t)new_text_len * sizeof(char));
data/imgui-1.79+ds/imgui_widgets.cpp:3893:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->InitialTextA.Data, buf, buf_len + 1);
data/imgui-1.79+ds/imgui_widgets.cpp:4726:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/imgui-1.79+ds/imgui_widgets.cpp:4802:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g.ColorEditLastColor, f, sizeof(float) * 3);
data/imgui-1.79+ds/imgui_widgets.cpp:4824:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((float*)col, payload->Data, sizeof(float) * 3); // Preserve alpha if any //-V512
data/imgui-1.79+ds/imgui_widgets.cpp:4829:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((float*)col, payload->Data, sizeof(float) * components);
data/imgui-1.79+ds/imgui_widgets.cpp:4918:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(backup_initial_col, col, components * sizeof(float));
data/imgui-1.79+ds/imgui_widgets.cpp:5056:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(col, ref_col, components * sizeof(float));
data/imgui-1.79+ds/imgui_widgets.cpp:5072:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g.ColorEditLastColor, col, sizeof(float) * 3);
data/imgui-1.79+ds/imgui_widgets.cpp:5416:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/imgui-1.79+ds/imgui_widgets.cpp:5463:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&previewing_ref_col, ref_col, sizeof(float) * ((picker_flags & ImGuiColorEditFlags_NoAlpha) ? 3 : 4));
data/imgui-1.79+ds/imgui_widgets.cpp:6388:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[64];
data/imgui-1.79+ds/imgui_widgets.cpp:7431:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open)
data/imgui-1.79+ds/imstb_truetype.h:284:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ttf_buffer[1<<20];
data/imgui-1.79+ds/imstb_truetype.h:285:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp_bitmap[512*512];
data/imgui-1.79+ds/imstb_truetype.h:292:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(ttf_buffer, 1, 1<<20, fopen("c:/windows/fonts/times.ttf", "rb"));
data/imgui-1.79+ds/imstb_truetype.h:333:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttf_buffer[1<<25];
data/imgui-1.79+ds/imstb_truetype.h:339:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/imgui-1.79+ds/imstb_truetype.h:339:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/imgui-1.79+ds/imstb_truetype.h:341:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(ttf_buffer, 1, 1<<25, fopen(argc > 3 ? argv[3] : "c:/windows/fonts/arialbd.ttf", "rb"));
data/imgui-1.79+ds/imstb_truetype.h:373:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[24<<20];
data/imgui-1.79+ds/imstb_truetype.h:374:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char screen[20][79];
data/imgui-1.79+ds/imstb_truetype.h:383:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(buffer, 1, 1000000, fopen("c:/windows/fonts/arialbd.ttf", "rb"));
data/imgui-1.79+ds/imstb_truetype.h:437:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stbtt__check_size32[sizeof(stbtt_int32)==4 ? 1 : -1];
data/imgui-1.79+ds/imstb_truetype.h:438:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stbtt__check_size16[sizeof(stbtt_int16)==2 ? 1 : -1];
data/imgui-1.79+ds/imstb_truetype.h:488:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define STBTT_memcpy memcpy
data/imgui-1.79+ds/imstb_truetype.h:2839:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scanline_data[512], *scanline;
data/imgui-1.79+ds/imstb_truetype.h:3854:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/imgui-1.79+ds/imstb_truetype.h:3916:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/imgui-1.79+ds/misc/freetype/imgui_freetype.cpp:249:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, w);
data/imgui-1.79+ds/misc/freetype/imgui_freetype.cpp:460:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char multiply_table[256];
data/imgui-1.79+ds/misc/freetype/imgui_freetype.cpp:580:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blit_dst, blit_src, blit_src_stride);
data/imgui-1.79+ds/misc/freetype/imgui_freetype.cpp:643:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_block, block, (size_t)cur_size);
data/imgui-1.79+ds/examples/imgui_impl_dx10.cpp:371:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (FAILED(D3DCompile(vertexShader, strlen(vertexShader), NULL, NULL, NULL, "main", "vs_4_0", 0, 0, &vertexShaderBlob, NULL)))
data/imgui-1.79+ds/examples/imgui_impl_dx10.cpp:424:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (FAILED(D3DCompile(pixelShader, strlen(pixelShader), NULL, NULL, NULL, "main", "ps_4_0", 0, 0, &pixelShaderBlob, NULL)))
data/imgui-1.79+ds/examples/imgui_impl_dx11.cpp:383:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (FAILED(D3DCompile(vertexShader, strlen(vertexShader), NULL, NULL, NULL, "main", "vs_4_0", 0, 0, &vertexShaderBlob, NULL)))
data/imgui-1.79+ds/examples/imgui_impl_dx11.cpp:436:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (FAILED(D3DCompile(pixelShader, strlen(pixelShader), NULL, NULL, NULL, "main", "ps_4_0", 0, 0, &pixelShaderBlob, NULL)))
data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp:514:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (FAILED(D3DCompile(vertexShader, strlen(vertexShader), NULL, NULL, NULL, "main", "vs_5_0", 0, 0, &vertexShaderBlob, NULL)))
data/imgui-1.79+ds/examples/imgui_impl_dx12.cpp:546:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (FAILED(D3DCompile(pixelShader, strlen(pixelShader), NULL, NULL, NULL, "main", "ps_5_0", 0, 0, &pixelShaderBlob, NULL)))
data/imgui-1.79+ds/examples/imgui_impl_opengl3.cpp:181:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IM_ASSERT((int)strlen(glsl_version) + 2 < IM_ARRAYSIZE(g_GlslVersionString));
data/imgui-1.79+ds/examples/imgui_impl_opengl3.cpp:183:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(g_GlslVersionString, "\n");
data/imgui-1.79+ds/imgui.cpp:1252:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, count - 1);
data/imgui-1.79+ds/imgui.cpp:1258:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/imgui-1.79+ds/imgui.cpp:1265:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dst_buf_size = p_dst_size ? *p_dst_size : strlen(dst) + 1;
data/imgui-1.79+ds/imgui.cpp:1266:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_size = strlen(src) + 1;
data/imgui-1.79+ds/imgui.cpp:1308:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needle_end = needle + strlen(needle);
data/imgui-1.79+ds/imgui.cpp:2010:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ImGuiTextRange input_range(InputBuf, InputBuf + strlen(InputBuf));
data/imgui-1.79+ds/imgui.cpp:2080:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = str_end ? (int)(str_end - str) : (int)strlen(str);
data/imgui-1.79+ds/imgui.cpp:2560:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_end = text + strlen(text); // FIXME-OPT
data/imgui-1.79+ds/imgui.cpp:2578:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_end = text + strlen(text); // FIXME-OPT
data/imgui-1.79+ds/imgui.cpp:2790:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NameBufLen = (int)strlen(name) + 1;
data/imgui-1.79+ds/imgui.cpp:9458:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IM_ASSERT(strlen(type) < IM_ARRAYSIZE(payload.DataType) && "Payload type can be at most 32 characters long");
data/imgui-1.79+ds/imgui.cpp:9896:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t name_len = strlen(name);
data/imgui-1.79+ds/imgui.cpp:9964:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ini_size = strlen(ini_data);
data/imgui-1.79+ds/imgui.cpp:10217:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CFDataRef cf_data = CFDataCreate(kCFAllocatorDefault, (const UInt8*)text, strlen(text));
data/imgui-1.79+ds/imgui.cpp:10271:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* text_end = text + strlen(text);
data/imgui-1.79+ds/imgui_demo.cpp:3963:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name, 23 - (int)strlen(name), "", col.x, col.y, col.z, col.w);
data/imgui-1.79+ds/imgui_demo.cpp:4251:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static char* Strdup(const char* s) { size_t len = strlen(s) + 1; void* buf = malloc(len); IM_ASSERT(buf); return (char*)memcpy(buf, (const void*)s, len); }
data/imgui-1.79+ds/imgui_demo.cpp:4252:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static void Strtrim(char* s) { char* str_end = s + strlen(s); while (str_end > s && str_end[-1] == ' ') str_end--; *str_end = 0; }
data/imgui-1.79+ds/imgui_demo.cpp:4398:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s, "");
data/imgui-1.79+ds/imgui_draw.cpp:1321:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_end = text_begin + strlen(text_begin);
data/imgui-1.79+ds/imgui_draw.cpp:1917:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = filename + strlen(filename); p > filename && p[-1] != '/' && p[-1] != '\\'; p--) {}
data/imgui-1.79+ds/imgui_draw.cpp:1951:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int compressed_ttf_size = (((int)strlen(compressed_ttf_data_base85) + 4) / 5) * 4;
data/imgui-1.79+ds/imgui_draw.cpp:3068:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_end = text_begin + strlen(text_begin); // FIXME-OPT: Need to avoid this.
data/imgui-1.79+ds/imgui_draw.cpp:3174:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_end = text_begin + strlen(text_begin); // ImGui:: functions generally already provides a valid text_end, so this is merely to handle direct calls.
data/imgui-1.79+ds/imgui_widgets.cpp:149:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_end = text + strlen(text); // FIXME-OPT
data/imgui-1.79+ds/imgui_widgets.cpp:1632:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/imgui-1.79+ds/imgui_widgets.cpp:1697:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p) + 1;
data/imgui-1.79+ds/imgui_widgets.cpp:3673:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int new_text_len = new_text_end ? (int)(new_text_end - new_text) : (int)strlen(new_text);
data/imgui-1.79+ds/imgui_widgets.cpp:3891:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int buf_len = (int)strlen(buf);
data/imgui-1.79+ds/imgui_widgets.cpp:4172:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int clipboard_len = (int)strlen(clipboard);
data/imgui-1.79+ds/imgui_widgets.cpp:4304:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
IM_ASSERT(callback_data.BufTextLen == (int)strlen(callback_data.Buf)); // You need to maintain BufTextLen if you change the text!
data/imgui-1.79+ds/imgui_widgets.cpp:4381:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_display_end = hint + strlen(hint);
data/imgui-1.79+ds/imgui_widgets.cpp:4553:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_display_end = buf_display + strlen(buf_display);
data/imgui-1.79+ds/imgui_widgets.cpp:7584:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tab_bar->TabsNames.append(label, label + strlen(label) + 1);
data/imgui-1.79+ds/imstb_truetype.h:483:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STBTT_strlen(x) strlen(x)
data/imgui-1.79+ds/imstb_truetype.h:4292:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int equal(float *a, float *b)
data/imgui-1.79+ds/imstb_truetype.h:4341:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(q0,q1) || equal(q1,q2)) {
data/imgui-1.79+ds/imstb_truetype.h:4341:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(q0,q1) || equal(q1,q2)) {
ANALYSIS SUMMARY:
Hits = 256
Lines analyzed = 52013 in approximately 1.55 seconds (33625 lines/second)
Physical Source Lines of Code (SLOC) = 37650
Hits@level = [0] 39 [1] 46 [2] 185 [3] 0 [4] 25 [5] 0
Hits@level+ = [0+] 295 [1+] 256 [2+] 210 [3+] 25 [4+] 25 [5+] 0
Hits/KSLOC@level+ = [0+] 7.83533 [1+] 6.79947 [2+] 5.57769 [3+] 0.664011 [4+] 0.664011 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.