Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libxml2-2.9.10+dfsg/catalog.c
Examining data/libxml2-2.9.10+dfsg/xpointer.c
Examining data/libxml2-2.9.10+dfsg/example/gjobread.c
Examining data/libxml2-2.9.10+dfsg/xmlIO.c
Examining data/libxml2-2.9.10+dfsg/globals.c
Examining data/libxml2-2.9.10+dfsg/trionan.c
Examining data/libxml2-2.9.10+dfsg/triop.h
Examining data/libxml2-2.9.10+dfsg/doc/examples/parse2.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/reader2.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/tree1.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/parse4.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/testWriter.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/reader4.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/parse1.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/parse3.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/reader1.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/xpath2.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/tree2.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/xpath1.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/io1.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/reader3.c
Examining data/libxml2-2.9.10+dfsg/doc/examples/io2.c
Examining data/libxml2-2.9.10+dfsg/doc/tutorial/includeaddkeyword.c
Examining data/libxml2-2.9.10+dfsg/doc/tutorial/includegetattribute.c
Examining data/libxml2-2.9.10+dfsg/doc/tutorial/includeconvert.c
Examining data/libxml2-2.9.10+dfsg/doc/tutorial/includekeyword.c
Examining data/libxml2-2.9.10+dfsg/doc/tutorial/includexpath.c
Examining data/libxml2-2.9.10+dfsg/doc/tutorial/includeaddattribute.c
Examining data/libxml2-2.9.10+dfsg/SAX2.c
Examining data/libxml2-2.9.10+dfsg/trionan.h
Examining data/libxml2-2.9.10+dfsg/os400/rpgsupport.h
Examining data/libxml2-2.9.10+dfsg/os400/rpgsupport.c
Examining data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.h
Examining data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c
Examining data/libxml2-2.9.10+dfsg/os400/xmlcatlgcl.c
Examining data/libxml2-2.9.10+dfsg/os400/wrappers.h
Examining data/libxml2-2.9.10+dfsg/os400/transcode.c
Examining data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c
Examining data/libxml2-2.9.10+dfsg/os400/iconv/iconv.c
Examining data/libxml2-2.9.10+dfsg/os400/iconv/ianatables.c
Examining data/libxml2-2.9.10+dfsg/os400/iconv/iconv.h
Examining data/libxml2-2.9.10+dfsg/os400/xmllintcl.c
Examining data/libxml2-2.9.10+dfsg/os400/transcode.h
Examining data/libxml2-2.9.10+dfsg/os400/libxmlmain.c
Examining data/libxml2-2.9.10+dfsg/os400/wrappers.c
Examining data/libxml2-2.9.10+dfsg/testThreads.c
Examining data/libxml2-2.9.10+dfsg/xmlsave.c
Examining data/libxml2-2.9.10+dfsg/libxml.h
Examining data/libxml2-2.9.10+dfsg/runxmlconf.c
Examining data/libxml2-2.9.10+dfsg/uri.c
Examining data/libxml2-2.9.10+dfsg/nanohttp.c
Examining data/libxml2-2.9.10+dfsg/threads.c
Examining data/libxml2-2.9.10+dfsg/SAX.c
Examining data/libxml2-2.9.10+dfsg/xzlib.c
Examining data/libxml2-2.9.10+dfsg/save.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/nanoftp.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/SAX2.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/HTMLtree.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlerror.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/globals.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xinclude.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/debugXML.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/parserInternals.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/valid.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/HTMLparser.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/threads.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlsave.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/relaxng.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/uri.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xpath.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/parser.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/nanohttp.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlversion.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlexports.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/encoding.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/c14n.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xpathInternals.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/list.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlmodule.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/tree.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/catalog.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/chvalid.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlschemas.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlautomata.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlstring.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlschemastypes.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/dict.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlIO.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/SAX.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlwriter.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/pattern.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/schemasInternals.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xlink.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/hash.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/schematron.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/entities.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/DOCBparser.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlmemory.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xpointer.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlreader.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlunicode.h
Examining data/libxml2-2.9.10+dfsg/include/libxml/xmlregexp.h
Examining data/libxml2-2.9.10+dfsg/include/win32config.h
Examining data/libxml2-2.9.10+dfsg/include/wsockcompat.h
Examining data/libxml2-2.9.10+dfsg/testlimits.c
Examining data/libxml2-2.9.10+dfsg/HTMLtree.c
Examining data/libxml2-2.9.10+dfsg/xmlregexp.c
Examining data/libxml2-2.9.10+dfsg/hash.c
Examining data/libxml2-2.9.10+dfsg/testchar.c
Examining data/libxml2-2.9.10+dfsg/debugXML.c
Examining data/libxml2-2.9.10+dfsg/testHTML.c
Examining data/libxml2-2.9.10+dfsg/xmlmodule.c
Examining data/libxml2-2.9.10+dfsg/trio.c
Examining data/libxml2-2.9.10+dfsg/triostr.c
Examining data/libxml2-2.9.10+dfsg/testSchemas.c
Examining data/libxml2-2.9.10+dfsg/testSAX.c
Examining data/libxml2-2.9.10+dfsg/testC14N.c
Examining data/libxml2-2.9.10+dfsg/chvalid.c
Examining data/libxml2-2.9.10+dfsg/error.c
Examining data/libxml2-2.9.10+dfsg/xinclude.c
Examining data/libxml2-2.9.10+dfsg/xmlstring.c
Examining data/libxml2-2.9.10+dfsg/pattern.c
Examining data/libxml2-2.9.10+dfsg/enc.h
Examining data/libxml2-2.9.10+dfsg/xmlmemory.c
Examining data/libxml2-2.9.10+dfsg/HTMLparser.c
Examining data/libxml2-2.9.10+dfsg/testapi.c
Examining data/libxml2-2.9.10+dfsg/valid.c
Examining data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.c
Examining data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h
Examining data/libxml2-2.9.10+dfsg/win32/VC10/config.h
Examining data/libxml2-2.9.10+dfsg/timsort.h
Examining data/libxml2-2.9.10+dfsg/xmlreader.c
Examining data/libxml2-2.9.10+dfsg/xpath.c
Examining data/libxml2-2.9.10+dfsg/entities.c
Examining data/libxml2-2.9.10+dfsg/testRelax.c
Examining data/libxml2-2.9.10+dfsg/testdso.c
Examining data/libxml2-2.9.10+dfsg/macos/src/XMLTestPrefix.h
Examining data/libxml2-2.9.10+dfsg/macos/src/XMLTestPrefix2.h
Examining data/libxml2-2.9.10+dfsg/macos/src/macos_main.c
Examining data/libxml2-2.9.10+dfsg/macos/src/config-mac.h
Examining data/libxml2-2.9.10+dfsg/buf.h
Examining data/libxml2-2.9.10+dfsg/nanoftp.c
Examining data/libxml2-2.9.10+dfsg/xmlschemastypes.c
Examining data/libxml2-2.9.10+dfsg/runtest.c
Examining data/libxml2-2.9.10+dfsg/testRegexp.c
Examining data/libxml2-2.9.10+dfsg/testXPath.c
Examining data/libxml2-2.9.10+dfsg/buf.c
Examining data/libxml2-2.9.10+dfsg/testURI.c
Examining data/libxml2-2.9.10+dfsg/parserInternals.c
Examining data/libxml2-2.9.10+dfsg/schematron.c
Examining data/libxml2-2.9.10+dfsg/testdict.c
Examining data/libxml2-2.9.10+dfsg/python/libxml2-py.h
Examining data/libxml2-2.9.10+dfsg/python/libxml2-py.c
Examining data/libxml2-2.9.10+dfsg/python/libxml_wrap.h
Examining data/libxml2-2.9.10+dfsg/python/libxml2-export.c
Examining data/libxml2-2.9.10+dfsg/python/libxml.c
Examining data/libxml2-2.9.10+dfsg/python/types.c
Examining data/libxml2-2.9.10+dfsg/testReader.c
Examining data/libxml2-2.9.10+dfsg/runsuite.c
Examining data/libxml2-2.9.10+dfsg/trio.h
Examining data/libxml2-2.9.10+dfsg/list.c
Examining data/libxml2-2.9.10+dfsg/legacy.c
Examining data/libxml2-2.9.10+dfsg/DOCBparser.c
Examining data/libxml2-2.9.10+dfsg/triodef.h
Examining data/libxml2-2.9.10+dfsg/xzlib.h
Examining data/libxml2-2.9.10+dfsg/elfgcchack.h
Examining data/libxml2-2.9.10+dfsg/xlink.c
Examining data/libxml2-2.9.10+dfsg/xmlunicode.c
Examining data/libxml2-2.9.10+dfsg/testrecurse.c
Examining data/libxml2-2.9.10+dfsg/encoding.c
Examining data/libxml2-2.9.10+dfsg/c14n.c
Examining data/libxml2-2.9.10+dfsg/xmlwriter.c
Examining data/libxml2-2.9.10+dfsg/testAutomata.c
Examining data/libxml2-2.9.10+dfsg/xmlcatalog.c
Examining data/libxml2-2.9.10+dfsg/triostr.h
Examining data/libxml2-2.9.10+dfsg/testModule.c
Examining data/libxml2-2.9.10+dfsg/relaxng.c
Examining data/libxml2-2.9.10+dfsg/dict.c
Examining data/libxml2-2.9.10+dfsg/xmlschemas.c
Examining data/libxml2-2.9.10+dfsg/parser.c
Examining data/libxml2-2.9.10+dfsg/tree.c
Examining data/libxml2-2.9.10+dfsg/xmllint.c
FINAL RESULTS:
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:466:22: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
l2 = readlink(buf1, buf2, MAXPATHLEN + 1);
data/libxml2-2.9.10+dfsg/HTMLparser.c:6387:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *)content, (char *)content_line);
data/libxml2-2.9.10+dfsg/HTMLparser.c:6388:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat ((char *)content, (char *)encoding);
data/libxml2-2.9.10+dfsg/debugXML.c:2516:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access((char *) filename, W_OK)) {
data/libxml2-2.9.10+dfsg/debugXML.c:2585:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access((char *) filename, W_OK)) {
data/libxml2-2.9.10+dfsg/error.c:36:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
chars = vsnprintf(str, size, msg, ap); \
data/libxml2-2.9.10+dfsg/error.c:78:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf((FILE *)xmlGenericErrorContext, msg, args);
data/libxml2-2.9.10+dfsg/error.c:634:58: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else if (((void(*)(void)) channel == (void(*)(void)) fprintf) ||
data/libxml2-2.9.10+dfsg/example/gjobread.c:26:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG(x) printf(x)
data/libxml2-2.9.10+dfsg/include/win32config.h:95:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libxml2-2.9.10+dfsg/include/win32config.h:95:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libxml2-2.9.10+dfsg/include/win32config.h:98:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
data/libxml2-2.9.10+dfsg/libxml.h:46:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *, size_t, const char *, ...);
data/libxml2-2.9.10+dfsg/libxml.h:47:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int vfprintf(FILE *, const char *, va_list);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:288:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->str, strerror(err_no));
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:689:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qsysinfo->Lib_Name, qsysinfo->Obj_Name);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:695:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qsysinfo->Lib_Name, dftlib? dftlib: "*LIBL");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:885:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qsysinfo->Lib_Name, libname);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:941:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(namebuf, "%s/%s.LIB/%s.SRVPGM",
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:954:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(symbuf, utf8_ibm_);
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:957:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(symbuf, utf8_IBMCCSID);
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:962:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(symbuf, utf8_iana_);
data/libxml2-2.9.10+dfsg/python/libxml.c:33:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf trio_vsnprintf
data/libxml2-2.9.10+dfsg/python/libxml.c:1143:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, 1023, msg, args);
data/libxml2-2.9.10+dfsg/python/libxml.c:1169:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, 1023, msg, args);
data/libxml2-2.9.10+dfsg/python/libxml.c:1195:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, 1023, msg, args);
data/libxml2-2.9.10+dfsg/python/libxml.c:1607:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
chars = vsnprintf(str, 999, msg, ap);
data/libxml2-2.9.10+dfsg/python/libxml.c:1632:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/libxml2-2.9.10+dfsg/python/libxml.c:1636:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (vsnprintf(str, 999, msg, ap) >= 998)
data/libxml2-2.9.10+dfsg/runsuite.c:171:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, msg, args);
data/libxml2-2.9.10+dfsg/runsuite.c:178:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, args);
data/libxml2-2.9.10+dfsg/runsuite.c:191:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(&testErrors[testErrorsSize],
data/libxml2-2.9.10+dfsg/runtest.c:257:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(&testErrors[testErrorsSize],
data/libxml2-2.9.10+dfsg/runtest.c:279:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(&testErrors[testErrorsSize],
data/libxml2-2.9.10+dfsg/runtest.c:1357:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(SAXdebug, msg, args);
data/libxml2-2.9.10+dfsg/runtest.c:1380:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(SAXdebug, msg, args);
data/libxml2-2.9.10+dfsg/runtest.c:1403:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(SAXdebug, msg, args);
data/libxml2-2.9.10+dfsg/runxmlconf.c:116:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, msg, args);
data/libxml2-2.9.10+dfsg/runxmlconf.c:123:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, args);
data/libxml2-2.9.10+dfsg/testHTML.c:533:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/testHTML.c:553:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/testHTML.c:573:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/testSAX.c:131:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libxml2-2.9.10+dfsg/testSAX.c:165:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libxml2-2.9.10+dfsg/testSAX.c:189:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/libxml2-2.9.10+dfsg/testSAX.c:786:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/testSAX.c:809:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/testSAX.c:832:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/testlimits.c:413:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(&testErrors[testErrorsSize],
data/libxml2-2.9.10+dfsg/testrecurse.c:321:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(&testErrors[testErrorsSize],
data/libxml2-2.9.10+dfsg/trio.h:158:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# undef printf
data/libxml2-2.9.10+dfsg/trio.h:159:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define printf trio_printf
data/libxml2-2.9.10+dfsg/trio.h:162:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# undef vprintf
data/libxml2-2.9.10+dfsg/trio.h:163:10: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define vprintf trio_vprintf
data/libxml2-2.9.10+dfsg/trio.h:166:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# undef fprintf
data/libxml2-2.9.10+dfsg/trio.h:167:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define fprintf trio_fprintf
data/libxml2-2.9.10+dfsg/trio.h:170:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# undef vfprintf
data/libxml2-2.9.10+dfsg/trio.h:171:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define vfprintf trio_vfprintf
data/libxml2-2.9.10+dfsg/trio.h:174:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
# undef sprintf
data/libxml2-2.9.10+dfsg/trio.h:175:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
# define sprintf trio_sprintf
data/libxml2-2.9.10+dfsg/trio.h:178:9: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
# undef vsprintf
data/libxml2-2.9.10+dfsg/trio.h:179:10: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
# define vsprintf trio_vsprintf
data/libxml2-2.9.10+dfsg/trio.h:182:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# undef snprintf
data/libxml2-2.9.10+dfsg/trio.h:183:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf trio_snprintf
data/libxml2-2.9.10+dfsg/trio.h:186:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# undef vsnprintf
data/libxml2-2.9.10+dfsg/trio.h:187:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf trio_vsnprintf
data/libxml2-2.9.10+dfsg/trio.h:190:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# undef scanf
data/libxml2-2.9.10+dfsg/trio.h:191:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# define scanf trio_scanf
data/libxml2-2.9.10+dfsg/trio.h:194:9: [4] (buffer) vscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# undef vscanf
data/libxml2-2.9.10+dfsg/trio.h:195:10: [4] (buffer) vscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# define vscanf trio_vscanf
data/libxml2-2.9.10+dfsg/trio.h:198:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# undef fscanf
data/libxml2-2.9.10+dfsg/trio.h:199:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# define fscanf trio_fscanf
data/libxml2-2.9.10+dfsg/trio.h:202:9: [4] (buffer) vfscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# undef vfscanf
data/libxml2-2.9.10+dfsg/trio.h:203:10: [4] (buffer) vfscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# define vfscanf trio_vfscanf
data/libxml2-2.9.10+dfsg/trio.h:206:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# undef sscanf
data/libxml2-2.9.10+dfsg/trio.h:207:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# define sscanf trio_sscanf
data/libxml2-2.9.10+dfsg/trio.h:210:9: [4] (buffer) vsscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# undef vsscanf
data/libxml2-2.9.10+dfsg/trio.h:211:10: [4] (buffer) vsscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
# define vsscanf trio_vsscanf
data/libxml2-2.9.10+dfsg/triostr.c:194:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
return (strcat(target, source) != NULL);
data/libxml2-2.9.10+dfsg/triostr.c:282:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(target, source);
data/libxml2-2.9.10+dfsg/valid.c:1322:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, (char *) content->prefix);
data/libxml2-2.9.10+dfsg/valid.c:1326:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, (char *) content->name);
data/libxml2-2.9.10+dfsg/valid.c:5246:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, (char *) cur->ns->prefix);
data/libxml2-2.9.10+dfsg/valid.c:5254:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, (char *) cur->name);
data/libxml2-2.9.10+dfsg/win32/VC10/config.h:94:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libxml2-2.9.10+dfsg/win32/VC10/config.h:94:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libxml2-2.9.10+dfsg/win32/VC10/config.h:97:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h:46:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h:46:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h:47:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf(b,c,f,a) _vsnprintf(b,c,f,a)
data/libxml2-2.9.10+dfsg/xmllint.c:278:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf \
data/libxml2-2.9.10+dfsg/xmllint.c:301:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf \
data/libxml2-2.9.10+dfsg/xmllint.c:451:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libxml2-2.9.10+dfsg/xmllint.c:485:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libxml2-2.9.10+dfsg/xmllint.c:510:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/libxml2-2.9.10+dfsg/xmllint.c:646:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(&buffer[len], sizeof(buffer) - len, msg, args);
data/libxml2-2.9.10+dfsg/xmllint.c:684:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(&buffer[len], sizeof(buffer) - len, msg, args);
data/libxml2-2.9.10+dfsg/xmllint.c:720:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(&buffer[len], sizeof(buffer) - len, msg, args);
data/libxml2-2.9.10+dfsg/xmllint.c:757:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(&buffer[len], sizeof(buffer) - len, msg, args);
data/libxml2-2.9.10+dfsg/xmllint.c:1415:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/xmllint.c:1438:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/xmllint.c:1461:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, msg, args);
data/libxml2-2.9.10+dfsg/xmlmemory.c:546:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,str);
data/libxml2-2.9.10+dfsg/xmlreader.c:4757:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
chars = vsnprintf(str, size, msg, aq);
data/libxml2-2.9.10+dfsg/xmlstring.c:558:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf((char *) buf, len, (const char *) msg, args);
data/libxml2-2.9.10+dfsg/xmlstring.c:584:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf((char *) buf, len, (const char *) msg, ap);
data/libxml2-2.9.10+dfsg/xmlwriter.c:4484:22: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
while (((count = vsnprintf((char *) buf, size, format, locarg)) < 0)
data/libxml2-2.9.10+dfsg/xzlib.c:116:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(state->msg, state->path);
data/libxml2-2.9.10+dfsg/xzlib.c:118:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(state->msg, msg);
data/libxml2-2.9.10+dfsg/xzlib.c:158:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(state->path, path);
data/libxml2-2.9.10+dfsg/catalog.c:3094:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("XML_DEBUG_CATALOG"))
data/libxml2-2.9.10+dfsg/catalog.c:3115:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("XML_DEBUG_CATALOG"))
data/libxml2-2.9.10+dfsg/catalog.c:3125:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
catalogs = (const char *) getenv("XML_CATALOG_FILES");
data/libxml2-2.9.10+dfsg/dict.c:189:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/libxml2-2.9.10+dfsg/nanoftp.c:195:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("no_proxy");
data/libxml2-2.9.10+dfsg/nanoftp.c:198:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("ftp_proxy");
data/libxml2-2.9.10+dfsg/nanoftp.c:202:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("FTP_PROXY");
data/libxml2-2.9.10+dfsg/nanoftp.c:207:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("ftp_proxy_user");
data/libxml2-2.9.10+dfsg/nanoftp.c:211:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("ftp_proxy_password");
data/libxml2-2.9.10+dfsg/nanohttp.c:236:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("no_proxy");
data/libxml2-2.9.10+dfsg/nanohttp.c:239:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("http_proxy");
data/libxml2-2.9.10+dfsg/nanohttp.c:244:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("HTTP_PROXY");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:779:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv(pathvar);
data/libxml2-2.9.10+dfsg/threads.c:299:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&tok->cs);
data/libxml2-2.9.10+dfsg/threads.c:368:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&tok->cs);
data/libxml2-2.9.10+dfsg/threads.c:448:9: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(cs);
data/libxml2-2.9.10+dfsg/threads.c:469:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(global_init_lock);
data/libxml2-2.9.10+dfsg/threads.c:713:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cleanup_helpers_cs);
data/libxml2-2.9.10+dfsg/threads.c:889:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&cleanup_helpers_cs);
data/libxml2-2.9.10+dfsg/threads.c:921:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cleanup_helpers_cs);
data/libxml2-2.9.10+dfsg/threads.c:1031:21: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cleanup_helpers_cs);
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.c:57:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv( const char *varname )
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h:38:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv( const char *varname );
data/libxml2-2.9.10+dfsg/xmlIO.c:2012:18: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
dump_name = tempnam( NULL, "lxml" );
data/libxml2-2.9.10+dfsg/xmllint.c:3481:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
catal = getenv("SGML_CATALOG_FILES");
data/libxml2-2.9.10+dfsg/xmllint.c:3503:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
indent = getenv("XMLLINT_INDENT");
data/libxml2-2.9.10+dfsg/xmlmemory.c:982:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
breakpoint = getenv("XML_MEM_BREAKPOINT");
data/libxml2-2.9.10+dfsg/xmlmemory.c:988:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
breakpoint = getenv("XML_MEM_TRACE");
data/libxml2-2.9.10+dfsg/HTMLparser.c:546:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[150];
data/libxml2-2.9.10+dfsg/HTMLparser.c:2046:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[16];
data/libxml2-2.9.10+dfsg/HTMLparser.c:2063:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cp, len);
data/libxml2-2.9.10+dfsg/HTMLparser.c:2145:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[16];
data/libxml2-2.9.10+dfsg/HTMLparser.c:2162:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cp, len);
data/libxml2-2.9.10+dfsg/HTMLparser.c:4947:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sax, &htmlDefaultSAXHandler, sizeof(xmlSAXHandlerV1));
data/libxml2-2.9.10+dfsg/HTMLparser.c:6227:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, sax, sizeof(htmlSAXHandler));
data/libxml2-2.9.10+dfsg/HTMLparser.c:6882:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, &htmlDefaultSAXHandler, sizeof(xmlSAXHandlerV1));
data/libxml2-2.9.10+dfsg/HTMLtree.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newcontent[100];
data/libxml2-2.9.10+dfsg/SAX2.c:1887:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, str, len);
data/libxml2-2.9.10+dfsg/SAX2.c:2627:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lastChild->content[ctxt->nodelen], ch, len);
data/libxml2-2.9.10+dfsg/buf.c:838:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rebuf, buf->content, buf->use);
data/libxml2-2.9.10+dfsg/catalog.c:81:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char XML_XML_DEFAULT_CATALOG[256] = "file:///etc/xml/catalog";
data/libxml2-2.9.10+dfsg/catalog.c:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *catalTab[XML_MAX_SGML_CATA_DEPTH]; /* stack of catals */
data/libxml2-2.9.10+dfsg/catalog.c:984:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) < 0)
data/libxml2-2.9.10+dfsg/catalog.c:986:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(filename, "rb")) == NULL)
data/libxml2-2.9.10+dfsg/catalog.c:3134:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/libxml2-2.9.10+dfsg/chvalid.c:25:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char xmlIsPubidChar_tab[256] = {
data/libxml2-2.9.10+dfsg/debugXML.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[101]; /* used for indenting */
data/libxml2-2.9.10+dfsg/debugXML.c:627:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5001];
data/libxml2-2.9.10+dfsg/debugXML.c:2548:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen((char *) filename, "w");
data/libxml2-2.9.10+dfsg/debugXML.c:2805:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[500] = "/ > ";
data/libxml2-2.9.10+dfsg/debugXML.c:2807:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[100];
data/libxml2-2.9.10+dfsg/debugXML.c:2808:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[400];
data/libxml2-2.9.10+dfsg/debugXML.c:2964:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[500];
data/libxml2-2.9.10+dfsg/debugXML.c:3160:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[500];
data/libxml2-2.9.10+dfsg/dict.c:286:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool->free, name, namelen);
data/libxml2-2.9.10+dfsg/dict.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool->free, prefix, plen);
data/libxml2-2.9.10+dfsg/dict.c:357:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pool->free, name, namelen);
data/libxml2-2.9.10+dfsg/dict.c:721:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dict->dict[key]), &(olddict[i]), sizeof(xmlDictEntry));
data/libxml2-2.9.10+dfsg/dict.c:763:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dict->dict[key]), iter, sizeof(xmlDictEntry));
data/libxml2-2.9.10+dfsg/doc/examples/io1.c:93:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, ptr, len);
data/libxml2-2.9.10+dfsg/doc/examples/parse4.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[4];
data/libxml2-2.9.10+dfsg/doc/examples/parse4.c:120:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
desc = fopen(argv[1], "rb");
data/libxml2-2.9.10+dfsg/doc/examples/testWriter.c:603:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "w");
data/libxml2-2.9.10+dfsg/doc/examples/tree2.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libxml2-2.9.10+dfsg/doc/examples/tree2.c:83:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "node%d", i);
data/libxml2-2.9.10+dfsg/doc/examples/tree2.c:86:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "node%d%d", i, j);
data/libxml2-2.9.10+dfsg/encoding.c:376:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, inb, len);
data/libxml2-2.9.10+dfsg/encoding.c:1000:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xmlFree((char *) xmlCharEncodingAliases[i].name);
data/libxml2-2.9.10+dfsg/encoding.c:1002:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xmlFree((char *) xmlCharEncodingAliases[i].alias);
data/libxml2-2.9.10+dfsg/encoding.c:1021:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper[100];
data/libxml2-2.9.10+dfsg/encoding.c:1059:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper[100];
data/libxml2-2.9.10+dfsg/encoding.c:1091:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xmlFree((char *) xmlCharEncodingAliases[i].name);
data/libxml2-2.9.10+dfsg/encoding.c:1127:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xmlFree((char *) xmlCharEncodingAliases[i].name);
data/libxml2-2.9.10+dfsg/encoding.c:1128:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
xmlFree((char *) xmlCharEncodingAliases[i].alias);
data/libxml2-2.9.10+dfsg/encoding.c:1153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper[500];
data/libxml2-2.9.10+dfsg/encoding.c:1323:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper[500];
data/libxml2-2.9.10+dfsg/encoding.c:1653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper[100];
data/libxml2-2.9.10+dfsg/encoding.c:2170:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/encoding.c:2268:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/encoding.c:2355:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/encoding.c:2524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/encoding.c:2688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/encoding.c:2818:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char convbuf[32000];
data/libxml2-2.9.10+dfsg/encoding.c:3058:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_2 [48 + 6 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3107:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_3 [48 + 7 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3160:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_4 [48 + 6 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3209:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_5 [48 + 6 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3258:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_6 [48 + 5 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3303:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_7 [48 + 7 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3356:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_8 [48 + 7 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3409:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_9 [48 + 5 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3454:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_10 [48 + 7 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3507:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_11 [48 + 6 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3556:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_13 [48 + 7 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3609:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_14 [48 + 10 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3674:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_15 [48 + 6 * 64] = {
data/libxml2-2.9.10+dfsg/encoding.c:3723:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const xmltranscodetable_ISO8859_16 [48 + 9 * 64] = {
data/libxml2-2.9.10+dfsg/entities.c:670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11], *ptr;
data/libxml2-2.9.10+dfsg/entities.c:729:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11], *ptr;
data/libxml2-2.9.10+dfsg/hash.c:276:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(table->table[key]), &(oldtable[i]), sizeof(xmlHashEntry));
data/libxml2-2.9.10+dfsg/hash.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(table->table[key]), iter, sizeof(xmlHashEntry));
data/libxml2-2.9.10+dfsg/hash.c:1132:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(table->table[key]), entry, sizeof(xmlHashEntry));
data/libxml2-2.9.10+dfsg/include/libxml/chvalid.h:191:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XMLPUBVAR const unsigned char xmlIsPubidChar_tab[256];
data/libxml2-2.9.10+dfsg/nanoftp.c:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char controlBuf[FTP_BUF_SIZE + 1];
data/libxml2-2.9.10+dfsg/nanoftp.c:759:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/libxml2-2.9.10+dfsg/nanoftp.c:787:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/libxml2-2.9.10+dfsg/nanoftp.c:821:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/libxml2-2.9.10+dfsg/nanoftp.c:911:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
data/libxml2-2.9.10+dfsg/nanoftp.c:916:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ctxt->ftpAddr, tmp->ai_addr, tmp->ai_addrlen);
data/libxml2-2.9.10+dfsg/nanoftp.c:944:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in *)&ctxt->ftpAddr)->sin_addr,
data/libxml2-2.9.10+dfsg/nanoftp.c:1015:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/libxml2-2.9.10+dfsg/nanoftp.c:1277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/libxml2-2.9.10+dfsg/nanoftp.c:1326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/libxml2-2.9.10+dfsg/nanoftp.c:1376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200], *cur;
data/libxml2-2.9.10+dfsg/nanoftp.c:1379:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ad[6], *adp, *portp;
data/libxml2-2.9.10+dfsg/nanoftp.c:1451:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in6 *)&dataAddr)->sin6_addr, &((struct sockaddr_in6 *)&ctxt->ftpAddr)->sin6_addr, sizeof(struct in6_addr));
data/libxml2-2.9.10+dfsg/nanoftp.c:1467:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in *)&dataAddr)->sin_addr, &ad[0], 4);
data/libxml2-2.9.10+dfsg/nanoftp.c:1468:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&((struct sockaddr_in *)&dataAddr)->sin_port, &ad[4], 2);
data/libxml2-2.9.10+dfsg/nanoftp.c:1499:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf6[INET6_ADDRSTRLEN];
data/libxml2-2.9.10+dfsg/nanoftp.c:1600:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[151];
data/libxml2-2.9.10+dfsg/nanoftp.c:1601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attrib[11];
data/libxml2-2.9.10+dfsg/nanoftp.c:1602:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char owner[11];
data/libxml2-2.9.10+dfsg/nanoftp.c:1603:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[11];
data/libxml2-2.9.10+dfsg/nanoftp.c:1604:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[4];
data/libxml2-2.9.10+dfsg/nanoftp.c:1729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096 + 1];
data/libxml2-2.9.10+dfsg/nanoftp.c:1838:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/libxml2-2.9.10+dfsg/nanoftp.c:1904:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libxml2-2.9.10+dfsg/nanoftp.c:2096:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen("/tmp/tstdata", "w");
data/libxml2-2.9.10+dfsg/nanohttp.c:661:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libxml2-2.9.10+dfsg/nanohttp.c:1096:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sockin, res->ai_addr, res->ai_addrlen);
data/libxml2-2.9.10+dfsg/nanohttp.c:1106:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&sockin6, res->ai_addr, res->ai_addrlen);
data/libxml2-2.9.10+dfsg/nanohttp.c:1184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ia, h->h_addr_list[i], h->h_length);
data/libxml2-2.9.10+dfsg/nanohttp.c:1196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ia6, h->h_addr_list[i], h->h_length);
data/libxml2-2.9.10+dfsg/nanohttp.c:1316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, ctxt->inrptr, len);
data/libxml2-2.9.10+dfsg/nanohttp.c:1646:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_CREAT | O_WRONLY, 00644);
data/libxml2-2.9.10+dfsg/nanohttp.c:1692:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_CREAT | O_WRONLY, 0666);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:86:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_ERR_STR + 1]; /* Error string buffer. */
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:302:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rtvmbuf[30000];
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:331:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q->str, cp, i);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:393:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path + pathlen, tail, i);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:413:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[MAXPATHLEN + 1];
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:414:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[MAXPATHLEN + 1];
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:482:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buf1, l1 + 1);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:495:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathbuf[sizeof(Qlg_Path_Name_T) + _QP0L_DIR_NAME_LG + 4];
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:657:25: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Lib_Name, "QSYS");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:707:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Mbr_Type, "*MBR");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:713:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Lib_Type, "*LIB");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:716:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Obj_Type, "*FILE");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:826:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Obj_Type, "*SRVPGM"); /* Set our object type. */
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:871:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Lib_Type, "*LIB");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:872:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Obj_Type, "*SRVPGM");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:886:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Lib_Type, "*LIB");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:887:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qsysinfo->Obj_Type, "*SRVPGM");
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:930:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[100];
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:1057:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actmarkstr[2 * sizeof actmark + 1];
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:251:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "IBMCCSID%05u0000000", ccsid);
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:260:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromcode[33];
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:261:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tocode[33];
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:389:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:783:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lp->l_symbol, name, len);
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:1695:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:1878:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbuf[20];
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:1926:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[3], "w+");
data/libxml2-2.9.10+dfsg/os400/iconv/iconv.c:89:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "IBMCCSID%05u0000000", ccsid);
data/libxml2-2.9.10+dfsg/os400/iconv/iconv.c:99:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromibmccsid[33];
data/libxml2-2.9.10+dfsg/os400/iconv/iconv.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char toibmccsid[33];
data/libxml2-2.9.10+dfsg/os400/libxmlmain.c:44:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummybuf[128];
data/libxml2-2.9.10+dfsg/os400/libxmlmain.c:45:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tocode[32];
data/libxml2-2.9.10+dfsg/os400/libxmlmain.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromcode[32];
data/libxml2-2.9.10+dfsg/os400/rpgsupport.c:202:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, list[0], argsize);
data/libxml2-2.9.10+dfsg/os400/wrappers.c:64:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, cp2, i + 1);
data/libxml2-2.9.10+dfsg/os400/xmlcatlgcl.c:18:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[5000];
data/libxml2-2.9.10+dfsg/os400/xmlcatlgcl.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[5000];
data/libxml2-2.9.10+dfsg/os400/xmlcatlgcl.c:34:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _pad[itemsize]; \
data/libxml2-2.9.10+dfsg/os400/xmlcatlgcl.c:89:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->string + dst->len, src, len);
data/libxml2-2.9.10+dfsg/os400/xmllintcl.c:18:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[5000];
data/libxml2-2.9.10+dfsg/os400/xmllintcl.c:25:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[5000];
data/libxml2-2.9.10+dfsg/os400/xmllintcl.c:34:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _pad[itemsize]; \
data/libxml2-2.9.10+dfsg/os400/xmllintcl.c:73:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->string + dst->len, src, len);
data/libxml2-2.9.10+dfsg/os400/xmllintcl.c:135:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuf[20];
data/libxml2-2.9.10+dfsg/parser.c:2040:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( ((unsigned char *) s)[ 0 ] == c1 && ((unsigned char *) s)[ 1 ] == c2 && \
data/libxml2-2.9.10+dfsg/parser.c:2040:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( ((unsigned char *) s)[ 0 ] == c1 && ((unsigned char *) s)[ 1 ] == c2 && \
data/libxml2-2.9.10+dfsg/parser.c:2041:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) s)[ 2 ] == c3 && ((unsigned char *) s)[ 3 ] == c4 )
data/libxml2-2.9.10+dfsg/parser.c:2041:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) s)[ 2 ] == c3 && ((unsigned char *) s)[ 3 ] == c4 )
data/libxml2-2.9.10+dfsg/parser.c:2043:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( CMP4( s, c1, c2, c3, c4 ) && ((unsigned char *) s)[ 4 ] == c5 )
data/libxml2-2.9.10+dfsg/parser.c:2045:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( CMP5( s, c1, c2, c3, c4, c5 ) && ((unsigned char *) s)[ 5 ] == c6 )
data/libxml2-2.9.10+dfsg/parser.c:2047:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( CMP6( s, c1, c2, c3, c4, c5, c6 ) && ((unsigned char *) s)[ 6 ] == c7 )
data/libxml2-2.9.10+dfsg/parser.c:2049:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( CMP7( s, c1, c2, c3, c4, c5, c6, c7 ) && ((unsigned char *) s)[ 7 ] == c8 )
data/libxml2-2.9.10+dfsg/parser.c:2052:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) s)[ 8 ] == c9 )
data/libxml2-2.9.10+dfsg/parser.c:2055:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *) s)[ 9 ] == c10 )
data/libxml2-2.9.10+dfsg/parser.c:2950:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, buf, len);
data/libxml2-2.9.10+dfsg/parser.c:3029:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, buf, len);
data/libxml2-2.9.10+dfsg/parser.c:3566:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, buf, len);
data/libxml2-2.9.10+dfsg/parser.c:3662:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, buf, len);
data/libxml2-2.9.10+dfsg/parser.c:4327:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char test_char_data[256] = {
data/libxml2-2.9.10+dfsg/parser.c:4918:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[len], ctxt->input->cur, nbchar);
data/libxml2-2.9.10+dfsg/parser.c:12095:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[150];
data/libxml2-2.9.10+dfsg/parser.c:12410:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, sax, sizeof(xmlSAXHandler));
data/libxml2-2.9.10+dfsg/parser.c:12412:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, sax, sizeof(xmlSAXHandlerV1));
data/libxml2-2.9.10+dfsg/parser.c:12569:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, sax, sizeof(xmlSAXHandler));
data/libxml2-2.9.10+dfsg/parser.c:12571:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, sax, sizeof(xmlSAXHandlerV1));
data/libxml2-2.9.10+dfsg/parserInternals.c:555:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[150];
data/libxml2-2.9.10+dfsg/parserInternals.c:721:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[150];
data/libxml2-2.9.10+dfsg/parserInternals.c:834:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[150];
data/libxml2-2.9.10+dfsg/python/libxml.c:325:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, len);
data/libxml2-2.9.10+dfsg/python/libxml.c:327:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, lenread);
data/libxml2-2.9.10+dfsg/python/libxml.c:390:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, len);
data/libxml2-2.9.10+dfsg/python/libxml.c:392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, lenread);
data/libxml2-2.9.10+dfsg/python/libxml.c:920:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
attrname = PY_IMPORT_STRING((char *) attrs[i]);
data/libxml2-2.9.10+dfsg/python/libxml.c:923:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
attrvalue = PY_IMPORT_STRING((char *) attrs[i]);
data/libxml2-2.9.10+dfsg/python/libxml.c:1135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libxml2-2.9.10+dfsg/python/libxml.c:1161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libxml2-2.9.10+dfsg/python/libxml.c:1187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libxml2-2.9.10+dfsg/python/libxml.c:1622:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1000];
data/libxml2-2.9.10+dfsg/relaxng.c:1255:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->attrs, attrs, sizeof(xmlAttrPtr) * nbAttrs);
data/libxml2-2.9.10+dfsg/relaxng.c:1303:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, state, sizeof(xmlRelaxNGValidState));
data/libxml2-2.9.10+dfsg/relaxng.c:1329:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->attrs, state->attrs,
data/libxml2-2.9.10+dfsg/relaxng.c:2105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1000];
data/libxml2-2.9.10+dfsg/relaxng.c:4520:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/libxml2-2.9.10+dfsg/relaxng.c:5855:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[32];
data/libxml2-2.9.10+dfsg/relaxng.c:5960:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpname[32];
data/libxml2-2.9.10+dfsg/runsuite.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/libxml2-2.9.10+dfsg/runsuite.c:96:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *testEntitiesName[MAX_ENTITIES];
data/libxml2-2.9.10+dfsg/runsuite.c:97:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *testEntitiesValue[MAX_ENTITIES];
data/libxml2-2.9.10+dfsg/runsuite.c:137:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ret->filename = (const char *)
data/libxml2-2.9.10+dfsg/runsuite.c:163:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testErrors[32769];
data/libxml2-2.9.10+dfsg/runsuite.c:1038:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(LOGFILE, "w");
data/libxml2-2.9.10+dfsg/runtest.c:130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[500];
data/libxml2-2.9.10+dfsg/runtest.c:246:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testErrors[32769];
data/libxml2-2.9.10+dfsg/runtest.c:568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[500];
data/libxml2-2.9.10+dfsg/runtest.c:569:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffixbuff[500];
data/libxml2-2.9.10+dfsg/runtest.c:615:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes1[4096];
data/libxml2-2.9.10+dfsg/runtest.c:616:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes2[4096];
data/libxml2-2.9.10+dfsg/runtest.c:619:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd1 = open(r1, RD_FLAGS);
data/libxml2-2.9.10+dfsg/runtest.c:622:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2 = open(r2, WR_FLAGS, 0644);
data/libxml2-2.9.10+dfsg/runtest.c:640:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd1 = open(r1, RD_FLAGS);
data/libxml2-2.9.10+dfsg/runtest.c:643:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd2 = open(r2, RD_FLAGS);
data/libxml2-2.9.10+dfsg/runtest.c:672:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[4096];
data/libxml2-2.9.10+dfsg/runtest.c:677:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, WR_FLAGS, 0644);
data/libxml2-2.9.10+dfsg/runtest.c:696:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, RD_FLAGS);
data/libxml2-2.9.10+dfsg/runtest.c:735:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, RD_FLAGS)) < 0) {
data/libxml2-2.9.10+dfsg/runtest.c:1226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[40];
data/libxml2-2.9.10+dfsg/runtest.c:1268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[40];
data/libxml2-2.9.10+dfsg/runtest.c:1586:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[40];
data/libxml2-2.9.10+dfsg/runtest.c:1616:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[40];
data/libxml2-2.9.10+dfsg/runtest.c:1637:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[40];
data/libxml2-2.9.10+dfsg/runtest.c:1707:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
SAXdebug = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:1726:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, emptySAXHandler, sizeof(xmlSAXHandler));
data/libxml2-2.9.10+dfsg/runtest.c:1751:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, debugSAXHandler, sizeof(xmlSAXHandler));
data/libxml2-2.9.10+dfsg/runtest.c:1754:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctxt->sax, debugSAX2Handler, sizeof(xmlSAXHandler));
data/libxml2-2.9.10+dfsg/runtest.c:2185:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:2405:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expression[5000];
data/libxml2-2.9.10+dfsg/runtest.c:2414:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xpathOutput = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:2421:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/runtest.c:2493:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[500];
data/libxml2-2.9.10+dfsg/runtest.c:2494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/libxml2-2.9.10+dfsg/runtest.c:2545:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[500];
data/libxml2-2.9.10+dfsg/runtest.c:2546:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/libxml2-2.9.10+dfsg/runtest.c:2613:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xpathOutput = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:2703:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libxml2-2.9.10+dfsg/runtest.c:2711:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:2717:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/runtest.c:2921:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, ptr, len);
data/libxml2-2.9.10+dfsg/runtest.c:3015:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
schemasOutput = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:3079:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[500];
data/libxml2-2.9.10+dfsg/runtest.c:3080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[500];
data/libxml2-2.9.10+dfsg/runtest.c:3081:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/libxml2-2.9.10+dfsg/runtest.c:3082:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[500];
data/libxml2-2.9.10+dfsg/runtest.c:3108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, base, len);
data/libxml2-2.9.10+dfsg/runtest.c:3116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, base, len);
data/libxml2-2.9.10+dfsg/runtest.c:3186:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
schemasOutput = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:3252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[500];
data/libxml2-2.9.10+dfsg/runtest.c:3253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[500];
data/libxml2-2.9.10+dfsg/runtest.c:3254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/libxml2-2.9.10+dfsg/runtest.c:3255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[500];
data/libxml2-2.9.10+dfsg/runtest.c:3275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, base, len);
data/libxml2-2.9.10+dfsg/runtest.c:3338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[500];
data/libxml2-2.9.10+dfsg/runtest.c:3339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[500];
data/libxml2-2.9.10+dfsg/runtest.c:3340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/libxml2-2.9.10+dfsg/runtest.c:3341:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[500];
data/libxml2-2.9.10+dfsg/runtest.c:3357:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, base, len);
data/libxml2-2.9.10+dfsg/runtest.c:3501:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libxml2-2.9.10+dfsg/runtest.c:3502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xml[500];
data/libxml2-2.9.10+dfsg/runtest.c:3503:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/libxml2-2.9.10+dfsg/runtest.c:3512:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xml, filename, len);
data/libxml2-2.9.10+dfsg/runtest.c:3516:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xml + len, ".xml", 5);
data/libxml2-2.9.10+dfsg/runtest.c:3526:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/runtest.c:3536:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen(temp, "wb");
data/libxml2-2.9.10+dfsg/runtest.c:3877:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/libxml2-2.9.10+dfsg/runtest.c:3878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[500];
data/libxml2-2.9.10+dfsg/runtest.c:3889:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, base, len);
data/libxml2-2.9.10+dfsg/runxmlconf.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/libxml2-2.9.10+dfsg/runxmlconf.c:106:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testErrors[32769];
data/libxml2-2.9.10+dfsg/runxmlconf.c:555:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(LOGFILE, "w");
data/libxml2-2.9.10+dfsg/schematron.c:1383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1000];
data/libxml2-2.9.10+dfsg/schematron.c:1459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1000];
data/libxml2-2.9.10+dfsg/testAutomata.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[5000];
data/libxml2-2.9.10+dfsg/testAutomata.c:44:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testHTML.c:378:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[40];
data/libxml2-2.9.10+dfsg/testHTML.c:421:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[40];
data/libxml2-2.9.10+dfsg/testHTML.c:442:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[40];
data/libxml2-2.9.10+dfsg/testHTML.c:477:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[40];
data/libxml2-2.9.10+dfsg/testHTML.c:631:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/testHTML.c:633:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testHTML.c:637:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[4096];
data/libxml2-2.9.10+dfsg/testHTML.c:661:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/testHTML.c:663:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testHTML.c:667:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[4096];
data/libxml2-2.9.10+dfsg/testHTML.c:725:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/testHTML.c:727:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testHTML.c:731:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[4096];
data/libxml2-2.9.10+dfsg/testRegexp.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expression[5000];
data/libxml2-2.9.10+dfsg/testRegexp.c:43:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testRegexp.c:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expression[5000];
data/libxml2-2.9.10+dfsg/testRegexp.c:97:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testRegexp.c:220:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *list[40];
data/libxml2-2.9.10+dfsg/testRelax.c:94:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(argv[i], O_RDONLY)) < 0)
data/libxml2-2.9.10+dfsg/testSAX.c:655:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[40];
data/libxml2-2.9.10+dfsg/testSAX.c:697:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[40];
data/libxml2-2.9.10+dfsg/testSAX.c:1016:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/testSAX.c:1018:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testSAX.c:1022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[10];
data/libxml2-2.9.10+dfsg/testSAX.c:1045:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/testSAX.c:1047:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testSAX.c:1051:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[10];
data/libxml2-2.9.10+dfsg/testSchemas.c:90:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(argv[i], O_RDONLY)) < 0)
data/libxml2-2.9.10+dfsg/testURI.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libxml2-2.9.10+dfsg/testXPath.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expression[5000];
data/libxml2-2.9.10+dfsg/testXPath.c:121:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/testapi.c:378:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (no == 0) return(fopen("test.out", "a+"));
data/libxml2-2.9.10+dfsg/testapi.c:387:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return(fopen("test.out", "a+"));
data/libxml2-2.9.10+dfsg/testchar.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char document1[100] = "<doc>XXXX</doc>";
data/libxml2-2.9.10+dfsg/testchar.c:24:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char document2[100] = "<doc foo='XXXX'/>";
data/libxml2-2.9.10+dfsg/testchar.c:349:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lows[6] = {0, 0x80, 0x81, 0xC1, 0xFF, 0xBF};
data/libxml2-2.9.10+dfsg/testchar.c:435:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lows[6] = {0, 0x80, 0x81, 0xC1, 0xFF, 0xBF};
data/libxml2-2.9.10+dfsg/testchar.c:534:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[5];
data/libxml2-2.9.10+dfsg/testlimits.c:155:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filling[CHUNK + 1];
data/libxml2-2.9.10+dfsg/testlimits.c:190:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:195:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:203:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:207:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:213:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &filling[0], len);
data/libxml2-2.9.10+dfsg/testlimits.c:337:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:341:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:349:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:353:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testlimits.c:359:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &filling[0], len);
data/libxml2-2.9.10+dfsg/testlimits.c:402:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testErrors[32769];
data/libxml2-2.9.10+dfsg/testrecurse.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[500];
data/libxml2-2.9.10+dfsg/testrecurse.c:248:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testrecurse.c:261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, current, len);
data/libxml2-2.9.10+dfsg/testrecurse.c:310:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char testErrors[32769];
data/libxml2-2.9.10+dfsg/testrecurse.c:613:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[500];
data/libxml2-2.9.10+dfsg/testrecurse.c:614:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffixbuff[500];
data/libxml2-2.9.10+dfsg/timsort.h:383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, &dst[curr], A * sizeof(SORT_TYPE));
data/libxml2-2.9.10+dfsg/timsort.h:402:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(storage, &dst[curr + A], B * sizeof(SORT_TYPE));
data/libxml2-2.9.10+dfsg/tree.c:243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret[0], prefix, lenp);
data/libxml2-2.9.10+dfsg/tree.c:245:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret[lenp + 1], ncname, lenn);
data/libxml2-2.9.10+dfsg/tree.c:4689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nametemp[100];
data/libxml2-2.9.10+dfsg/tree.c:7493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rebuf, buf->content, buf->use);
data/libxml2-2.9.10+dfsg/tree.c:8547:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/trio.c:685:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_name[MAX_USER_NAME];
data/libxml2-2.9.10+dfsg/trio.c:686:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_data[MAX_USER_DATA];
data/libxml2-2.9.10+dfsg/trio.c:780:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char internalDecimalPointString[MAX_LOCALE_SEPARATOR_LENGTH + 1] = ".";
data/libxml2-2.9.10+dfsg/trio.c:781:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char internalThousandSeparator[MAX_LOCALE_SEPARATOR_LENGTH + 1] = ",";
data/libxml2-2.9.10+dfsg/trio.c:782:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char internalGrouping[MAX_LOCALE_GROUPS] = { (char)NO_GROUPING };
data/libxml2-2.9.10+dfsg/trio.c:790:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char internalCollationArray[MAX_CHARACTER_CLASS][MAX_CHARACTER_CLASS];
data/libxml2-2.9.10+dfsg/trio.c:1972:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
: (char *)(argarray[num]);
data/libxml2-2.9.10+dfsg/trio.c:1998:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(trio_pointer_t)((char *)argarray[num]);
data/libxml2-2.9.10+dfsg/trio.c:2084:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
parameters[i].data.number.as_unsigned = (trio_uintmax_t)(*((char *)argarray[num]));
data/libxml2-2.9.10+dfsg/trio.c:2195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_CHARS_IN(trio_uintmax_t) * (1 + MAX_LOCALE_SEPARATOR_LENGTH) + 1];
data/libxml2-2.9.10+dfsg/trio.c:2514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MB_LEN_MAX + 1];
data/libxml2-2.9.10+dfsg/trio.c:5154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[2];
data/libxml2-2.9.10+dfsg/trio.c:5155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char second[2];
data/libxml2-2.9.10+dfsg/trio.c:5685:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MB_LEN_MAX + 1];
data/libxml2-2.9.10+dfsg/trio.c:5827:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char doubleString[512];
data/libxml2-2.9.10+dfsg/trio.c:6012:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeof(internalNullString)];
data/libxml2-2.9.10+dfsg/uri.c:2325:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vptr, uptr + 1, len - 1);
data/libxml2-2.9.10+dfsg/uri.c:2328:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (vptr, uptr, len);
data/libxml2-2.9.10+dfsg/valid.c:570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[5000];
data/libxml2-2.9.10+dfsg/valid.c:843:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[5000];
data/libxml2-2.9.10+dfsg/valid.c:1304:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:1310:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "#PCDATA");
data/libxml2-2.9.10+dfsg/valid.c:1318:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:1338:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:1341:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " , ");
data/libxml2-2.9.10+dfsg/valid.c:1358:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:1361:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " | ");
data/libxml2-2.9.10+dfsg/valid.c:5235:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:5243:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:5251:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ...");
data/libxml2-2.9.10+dfsg/valid.c:5264:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "CDATA");
data/libxml2-2.9.10+dfsg/valid.c:5278:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "???");
data/libxml2-2.9.10+dfsg/valid.c:5523:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expr[5000];
data/libxml2-2.9.10+dfsg/valid.c:5524:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[5000];
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.c:32:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char *filename,int oflag, ...)
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[3]; /* mode[0] ="w/r/a" mode[1]="+" */
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.c:40:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (int) fopen(filename, mode);
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h:36:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char *filename,int oflag, ...);
data/libxml2-2.9.10+dfsg/xmlIO.c:207:13: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, u8String,
data/libxml2-2.9.10+dfsg/xmlIO.c:212:21: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar
data/libxml2-2.9.10+dfsg/xmlIO.c:595:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(path, mode ? "wb" : "rb");
data/libxml2-2.9.10+dfsg/xmlIO.c:842:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(path, "r");
data/libxml2-2.9.10+dfsg/xmlIO.c:915:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(path, "w");
data/libxml2-2.9.10+dfsg/xmlIO.c:917:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(path, "wb");
data/libxml2-2.9.10+dfsg/xmlIO.c:1149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[15];
data/libxml2-2.9.10+dfsg/xmlIO.c:1997:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ 4096 ];
data/libxml2-2.9.10+dfsg/xmlIO.c:2016:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tst_file = fopen( buffer, "wb" );
data/libxml2-2.9.10+dfsg/xmlIO.c:2027:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tst_file = fopen( buffer, "wb" );
data/libxml2-2.9.10+dfsg/xmlIO.c:2576:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cptr, buff4[4];
data/libxml2-2.9.10+dfsg/xmlIO.c:3736:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[1024];
data/libxml2-2.9.10+dfsg/xmlcatalog.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_read[501];
data/libxml2-2.9.10+dfsg/xmlcatalog.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret, line_read, len + 1);
data/libxml2-2.9.10+dfsg/xmlcatalog.c:99:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[100];
data/libxml2-2.9.10+dfsg/xmlcatalog.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[400];
data/libxml2-2.9.10+dfsg/xmlcatalog.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[20];
data/libxml2-2.9.10+dfsg/xmlcatalog.c:497:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(argv[i + 1], "w");
data/libxml2-2.9.10+dfsg/xmlcatalog.c:512:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(XML_SGML_DEFAULT_CATALOG, "w");
data/libxml2-2.9.10+dfsg/xmlcatalog.c:599:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(filename, "w");
data/libxml2-2.9.10+dfsg/xmllint.c:525:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[50000];
data/libxml2-2.9.10+dfsg/xmllint.c:796:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_read[501];
data/libxml2-2.9.10+dfsg/xmllint.c:809:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ret, line_read, len + 1);
data/libxml2-2.9.10+dfsg/xmllint.c:1284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[40];
data/libxml2-2.9.10+dfsg/xmllint.c:1326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[40];
data/libxml2-2.9.10+dfsg/xmllint.c:1826:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) < 0)
data/libxml2-2.9.10+dfsg/xmllint.c:2192:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/xmllint.c:2194:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/xmllint.c:2196:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/xmllint.c:2200:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[4096];
data/libxml2-2.9.10+dfsg/xmllint.c:2226:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) < 0)
data/libxml2-2.9.10+dfsg/xmllint.c:2260:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/xmllint.c:2262:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/xmllint.c:2264:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/xmllint.c:2270:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[1024];
data/libxml2-2.9.10+dfsg/xmllint.c:2303:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/xmllint.c:2305:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libxml2-2.9.10+dfsg/xmllint.c:2307:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libxml2-2.9.10+dfsg/xmllint.c:2346:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(filename, O_RDONLY)) < 0)
data/libxml2-2.9.10+dfsg/xmllint.c:2497:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
fprintf(stderr, "%s\n", (char *) list[i]);
data/libxml2-2.9.10+dfsg/xmllint.c:2543:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(output,"wb");
data/libxml2-2.9.10+dfsg/xmllint.c:2665:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(output,"wb");
data/libxml2-2.9.10+dfsg/xmllint.c:2717:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(output,"wb");
data/libxml2-2.9.10+dfsg/xmllint.c:3385:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
format = atoi(argv[i]);
data/libxml2-2.9.10+dfsg/xmlmemory.c:698:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(".memorylist", "w");
data/libxml2-2.9.10+dfsg/xmlmemory.c:764:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[500];
data/libxml2-2.9.10+dfsg/xmlmemory.c:771:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(".memorylist", "w");
data/libxml2-2.9.10+dfsg/xmlmemory.c:938:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dump = fopen(".memdump", "w");
data/libxml2-2.9.10+dfsg/xmlmodule.c:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/libxml2-2.9.10+dfsg/xmlreader.c:68:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define VA_COPY(dest,src) memcpy((char *)(dest),(char *)(src),sizeof(va_list))
data/libxml2-2.9.10+dfsg/xmlreader.c:5807:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intmp[4], outtmp[4]; /* temporary buffers for the convert */
data/libxml2-2.9.10+dfsg/xmlreader.c:5911:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[100];
data/libxml2-2.9.10+dfsg/xmlreader.c:5913:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output2[100];
data/libxml2-2.9.10+dfsg/xmlreader.c:5915:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output3[100];
data/libxml2-2.9.10+dfsg/xmlregexp.c:3161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exec->rollbacks[exec->nbRollbacks].counts, exec->counts,
data/libxml2-2.9.10+dfsg/xmlregexp.c:3187:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exec->counts, exec->rollbacks[exec->nbRollbacks].counts,
data/libxml2-2.9.10+dfsg/xmlregexp.c:4060:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exec->errCounts, exec->counts,
data/libxml2-2.9.10+dfsg/xmlregexp.c:4109:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(exec->errCounts, exec->counts,
data/libxml2-2.9.10+dfsg/xmlregexp.c:4200:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[0], value, lenp);
data/libxml2-2.9.10+dfsg/xmlregexp.c:4202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[lenp + 1], value2, lenn);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5790:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[0], token, lenp);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5792:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[lenp + 1], token2, lenn);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5852:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[0], token, lenp);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5854:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[lenp + 1], token2, lenn);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5922:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[0], token, lenp);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5924:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[lenp + 1], token2, lenn);
data/libxml2-2.9.10+dfsg/xmlregexp.c:6077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[0], token, lenp);
data/libxml2-2.9.10+dfsg/xmlregexp.c:6079:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str[lenp + 1], token2, lenn);
data/libxml2-2.9.10+dfsg/xmlregexp.c:8098:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rep[40];
data/libxml2-2.9.10+dfsg/xmlsave.c:89:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indent[MAX_INDENT + 1]; /* array for indenting output */
data/libxml2-2.9.10+dfsg/xmlsave.c:345:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctxt->indent[i * ctxt->indent_size], xmlTreeIndentString,
data/libxml2-2.9.10+dfsg/xmlsave.c:2097:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[12];
data/libxml2-2.9.10+dfsg/xmlschemas.c:2683:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len[25], actLen[25];
data/libxml2-2.9.10+dfsg/xmlschemas.c:4313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xmlschemas.c:9213:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/libxml2-2.9.10+dfsg/xmlschemas.c:12133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/libxml2-2.9.10+dfsg/xmlschemas.c:18212:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/libxml2-2.9.10+dfsg/xmlschemas.c:23769:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parBind->nodeTable, bind->nodeTable,
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:3677:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, v, sizeof(xmlSchemaVal));
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5632:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[DBL_DIG + EXPONENT_DIGITS + 3];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5875:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5949:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[35];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5964:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5993:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:6021:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:6061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:6073:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/libxml2-2.9.10+dfsg/xmlstring.c:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, cur, len * sizeof(xmlChar));
data/libxml2-2.9.10+dfsg/xmlstring.c:467:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret[size], add, len * sizeof(xmlChar));
data/libxml2-2.9.10+dfsg/xmlstring.c:507:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, str1, size * sizeof(xmlChar));
data/libxml2-2.9.10+dfsg/xmlstring.c:508:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret[size], str2, len * sizeof(xmlChar));
data/libxml2-2.9.10+dfsg/xmlstring.c:879:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, utf, i * sizeof(xmlChar));
data/libxml2-2.9.10+dfsg/xmlwriter.c:48:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define VA_COPY(dest,src) memcpy((char *)(dest),(char *)(src),sizeof(va_list))
data/libxml2-2.9.10+dfsg/xmlwriter.c:1544:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char dtable[64] =
data/libxml2-2.9.10+dfsg/xmlwriter.c:1564:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char igroup[3];
data/libxml2-2.9.10+dfsg/xmlwriter.c:1565:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ogroup[4];
data/libxml2-2.9.10+dfsg/xmlwriter.c:1677:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hex[16] =
data/libxml2-2.9.10+dfsg/xmlwriter.c:4676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra[3];
data/libxml2-2.9.10+dfsg/xpath.c:1269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1342:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1502:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:1685:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shift[100];
data/libxml2-2.9.10+dfsg/xpath.c:3146:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[30];
data/libxml2-2.9.10+dfsg/xpath.c:3176:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[DBL_DIG + EXPONENT_DIGITS + 3 + LOWER_DOUBLE_EXP];
data/libxml2-2.9.10+dfsg/xpath.c:3857:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val1->nodeTab, val2->nodeTab,
data/libxml2-2.9.10+dfsg/xpath.c:5379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, val , (size_t) sizeof(xmlXPathObject));
data/libxml2-2.9.10+dfsg/xpath.c:5689:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/libxml2-2.9.10+dfsg/xpath.c:9930:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, buf, len);
data/libxml2-2.9.10+dfsg/xzlib.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding1[32]; /* padding allowing to cope with possible
data/libxml2-2.9.10+dfsg/xzlib.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding2[32]; /* padding allowing to cope with possible
data/libxml2-2.9.10+dfsg/xzlib.c:117:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state->msg, ": ");
data/libxml2-2.9.10+dfsg/xzlib.c:161:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
state->fd = fd != -1 ? fd : open(path,
data/libxml2-2.9.10+dfsg/xzlib.c:226:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "<fd:%d>", fd); /* for debugging */
data/libxml2-2.9.10+dfsg/xzlib.c:520:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->next + state->have, strm->next_in, strm->avail_in);
data/libxml2-2.9.10+dfsg/xzlib.c:739:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, state->next, n);
data/libxml2-2.9.10+dfsg/HTMLparser.c:2059:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp);
data/libxml2-2.9.10+dfsg/HTMLparser.c:2158:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cp);
data/libxml2-2.9.10+dfsg/HTMLparser.c:6382:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(encoding);
data/libxml2-2.9.10+dfsg/catalog.c:1010:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, content, size);
data/libxml2-2.9.10+dfsg/catalog.c:3142:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(p, "\\..\\etc\\catalog", 255 - (p - buf));
data/libxml2-2.9.10+dfsg/catalog.c:3145:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(XML_XML_DEFAULT_CATALOG, uri, 255);
data/libxml2-2.9.10+dfsg/catalog.c:3258:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iLen = strlen((const char*)path);
data/libxml2-2.9.10+dfsg/debugXML.c:2328:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = xmlParseInNodeContext(node, value, strlen(value), 0, &results);
data/libxml2-2.9.10+dfsg/debugXML.c:3244:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(arg);
data/libxml2-2.9.10+dfsg/dict.c:876:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen((const char *) name);
data/libxml2-2.9.10+dfsg/dict.c:1014:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen((const char *) name);
data/libxml2-2.9.10+dfsg/dict.c:1125:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = len = strlen((const char *) name);
data/libxml2-2.9.10+dfsg/dict.c:1126:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen((const char *) prefix);
data/libxml2-2.9.10+dfsg/doc/examples/io1.c:55:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(result);
data/libxml2-2.9.10+dfsg/doc/examples/io1.c:124:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
doc = xmlReadMemory(include, strlen(include), "include.xml", NULL, 0);
data/libxml2-2.9.10+dfsg/doc/examples/testWriter.c:1164:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (int) strlen(in) + 1;
data/libxml2-2.9.10+dfsg/doc/tutorial/includeconvert.c:13:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (int)strlen(in)+1;
data/libxml2-2.9.10+dfsg/nanoftp.c:768:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:796:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:827:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1023:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1046:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1087:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1119:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1141:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1293:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1344:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1416:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1516:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1754:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1849:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanoftp.c:1869:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/nanohttp.c:321:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uri->server);
data/libxml2-2.9.10+dfsg/nanohttp.c:1399:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(ctxt->hostname) * 2 + 16;
data/libxml2-2.9.10+dfsg/nanohttp.c:1403:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(ctxt->hostname);
data/libxml2-2.9.10+dfsg/nanohttp.c:1419:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen += strlen(headers) + 2;
data/libxml2-2.9.10+dfsg/nanohttp.c:1422:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen += strlen(*contentType) + 16;
data/libxml2-2.9.10+dfsg/nanohttp.c:1425:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen += strlen(ctxt->query) + 1;
data/libxml2-2.9.10+dfsg/nanohttp.c:1426:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen += strlen(method) + strlen(ctxt->path) + 24;
data/libxml2-2.9.10+dfsg/nanohttp.c:1426:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen += strlen(method) + strlen(ctxt->path) + 24;
data/libxml2-2.9.10+dfsg/nanohttp.c:1489:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((blen -= strlen(bp)+1) < 0)
data/libxml2-2.9.10+dfsg/nanohttp.c:1495:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen( ctxt->out );
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:434:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen(buf1);
data/libxml2-2.9.10+dfsg/os400/dlfcn/dlfcn.c:439:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = dlmakepath(buf1, l1, path, strlen(path));
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:400:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
i = read(fd, (char *) databuf, sbuf.st_size);
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:775:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + 1;
data/libxml2-2.9.10+dfsg/os400/iconv/bldcsndfa/bldcsndfa.c:1714:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcc = strlen(srcp);
data/libxml2-2.9.10+dfsg/os400/libxmlmain.c:52:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(tocode, "IBMCCSID01208", sizeof tocode);
data/libxml2-2.9.10+dfsg/os400/libxmlmain.c:53:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(fromcode, "IBMCCSID000000000010", sizeof fromcode);
data/libxml2-2.9.10+dfsg/os400/wrappers.c:56:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(cp2);
data/libxml2-2.9.10+dfsg/os400/xmlcatlgcl.c:99:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vary4nappend(dst, src, strlen(src));
data/libxml2-2.9.10+dfsg/os400/xmllintcl.c:83:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vary4nappend(dst, src, strlen(src));
data/libxml2-2.9.10+dfsg/parser.c:1195:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = (int) strlen((const char *)ret);
data/libxml2-2.9.10+dfsg/runtest.c:135:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(directory, pattern, 499);
data/libxml2-2.9.10+dfsg/runtest.c:136:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = strlen(directory);len >= 0;len--) {
data/libxml2-2.9.10+dfsg/runtest.c:159:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(directory + len, FindFileData.cFileName, 499 - len);
data/libxml2-2.9.10+dfsg/runtest.c:174:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(directory + len, FindFileData.cFileName, 499 - len);
data/libxml2-2.9.10+dfsg/runtest.c:557:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur = &filename[strlen(filename)];
data/libxml2-2.9.10+dfsg/runtest.c:584:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(suffixbuff,suffix,499);
data/libxml2-2.9.10+dfsg/runtest.c:628:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res1 = read(fd1, bytes1, 4096);
data/libxml2-2.9.10+dfsg/runtest.c:649:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res1 = read(fd1, bytes1, 4096);
data/libxml2-2.9.10+dfsg/runtest.c:650:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res2 = read(fd2, bytes2, 4096);
data/libxml2-2.9.10+dfsg/runtest.c:702:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(fd, bytes, 4096);
data/libxml2-2.9.10+dfsg/runtest.c:739:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((res = read(fd, &base[siz], info.st_size - siz)) > 0) {
data/libxml2-2.9.10+dfsg/runtest.c:1590:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((attlen = strlen((char*)att)) > 0) {
data/libxml2-2.9.10+dfsg/runtest.c:2429:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expression);
data/libxml2-2.9.10+dfsg/runtest.c:2738:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(str);
data/libxml2-2.9.10+dfsg/runtest.c:2883:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urip_rlen = strlen(urip_res);
data/libxml2-2.9.10+dfsg/runtest.c:3096:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/libxml2-2.9.10+dfsg/runtest.c:3127:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base2);
data/libxml2-2.9.10+dfsg/runtest.c:3269:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/libxml2-2.9.10+dfsg/runtest.c:3288:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base2);
data/libxml2-2.9.10+dfsg/runtest.c:3351:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/libxml2-2.9.10+dfsg/runtest.c:3379:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base2);
data/libxml2-2.9.10+dfsg/runtest.c:3510:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename);
data/libxml2-2.9.10+dfsg/runtest.c:3553:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(str);
data/libxml2-2.9.10+dfsg/runtest.c:3887:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base);
data/libxml2-2.9.10+dfsg/testAutomata.c:71:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expr);
data/libxml2-2.9.10+dfsg/testHTML.c:382:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((attlen = strlen((char*)att)) > 0) {
data/libxml2-2.9.10+dfsg/testRegexp.c:50:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expression);
data/libxml2-2.9.10+dfsg/testRegexp.c:104:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expression);
data/libxml2-2.9.10+dfsg/testURI.c:118:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(str);
data/libxml2-2.9.10+dfsg/testXPath.c:128:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(expression);
data/libxml2-2.9.10+dfsg/testapi.c:130:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy((char *) chartab, " chartab\n", 20);
data/libxml2-2.9.10+dfsg/testapi.c:1485:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:1555:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) chunk) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:1732:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:2292:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) chunk) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:2638:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:3890:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) value) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:3937:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) ch) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:4580:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) ch) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:8250:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) name) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:8309:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) name) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:12800:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) chunk) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:12981:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:13077:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) chunk) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:13791:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) chunk) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:14251:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:14666:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:14791:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:15095:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:15159:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:15277:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:16051:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:16709:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:17682:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:17961:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) data) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:18679:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:18728:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:19303:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) prefix) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:21077:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:21653:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:22199:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:22315:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:22868:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:23935:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) value) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:23984:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:27243:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) data) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:28782:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) buf) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:29011:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) mem) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:29060:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) mem) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:29148:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) buf) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:30333:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:30519:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:34559:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size > (int) strlen((const char *) buffer) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:36436:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) cur) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:36878:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str2) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:36927:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str2) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:36976:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str2) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37021:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) cur) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37106:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(start > (int) strlen((const char *) str) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) str) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37296:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) utf) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37377:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) utf) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37423:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(start > (int) strlen((const char *) utf) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:37426:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) utf) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:44741:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(start > (int) strlen((const char *) data) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:44744:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) data) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:44802:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(start > (int) strlen((const char *) data) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:44805:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) data) + 1))
data/libxml2-2.9.10+dfsg/testapi.c:45738:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(len > (int) strlen((const char *) content) + 1))
data/libxml2-2.9.10+dfsg/testchar.c:166:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte1(ctxt, &document1[0], strlen(document1),
data/libxml2-2.9.10+dfsg/testchar.c:175:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte1(ctxt, &document1[0], strlen(document1),
data/libxml2-2.9.10+dfsg/testchar.c:186:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte1(ctxt, &document2[0], strlen(document2),
data/libxml2-2.9.10+dfsg/testchar.c:195:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte1(ctxt, &document2[0], strlen(document2),
data/libxml2-2.9.10+dfsg/testchar.c:207:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte2(ctxt, &document1[0], strlen(document1),
data/libxml2-2.9.10+dfsg/testchar.c:216:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte2(ctxt, &document1[0], strlen(document1),
data/libxml2-2.9.10+dfsg/testchar.c:227:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte2(ctxt, &document2[0], strlen(document2),
data/libxml2-2.9.10+dfsg/testchar.c:236:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testDocumentRangeByte2(ctxt, &document2[0], strlen(document2),
data/libxml2-2.9.10+dfsg/testlimits.c:132:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(hugeTests[currentTest].start);
data/libxml2-2.9.10+dfsg/testlimits.c:216:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(hugeTests[currentTest].end);
data/libxml2-2.9.10+dfsg/testlimits.c:287:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (crazy_indx > strlen(crazy))
data/libxml2-2.9.10+dfsg/testlimits.c:329:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(crazy) - crazy_indx;
data/libxml2-2.9.10+dfsg/testlimits.c:362:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(crazy) - crazy_indx;
data/libxml2-2.9.10+dfsg/testlimits.c:1573:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0;i < strlen(crazy);i++) {
data/libxml2-2.9.10+dfsg/testlimits.c:1583:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0;i < strlen(crazy);i++) {
data/libxml2-2.9.10+dfsg/testrecurse.c:84:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(directory, pattern, 499);
data/libxml2-2.9.10+dfsg/testrecurse.c:85:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (len = strlen(directory);len >= 0;len--) {
data/libxml2-2.9.10+dfsg/testrecurse.c:108:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(directory + len, FindFileData.cFileName, 499 - len);
data/libxml2-2.9.10+dfsg/testrecurse.c:123:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(directory + len, FindFileData.cFileName, 499 - len);
data/libxml2-2.9.10+dfsg/testrecurse.c:204:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(start);
data/libxml2-2.9.10+dfsg/testrecurse.c:252:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(finish);
data/libxml2-2.9.10+dfsg/testrecurse.c:257:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen(segment);
data/libxml2-2.9.10+dfsg/testrecurse.c:602:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur = &filename[strlen(filename)];
data/libxml2-2.9.10+dfsg/testrecurse.c:629:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(suffixbuff,suffix,499);
data/libxml2-2.9.10+dfsg/tree.c:231:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenn = strlen((char *) ncname);
data/libxml2-2.9.10+dfsg/tree.c:232:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenp = strlen((char *) prefix);
data/libxml2-2.9.10+dfsg/trio.c:159:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define read _read
data/libxml2-2.9.10+dfsg/trio.c:6445:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
self->current = fgetc(file);
data/libxml2-2.9.10+dfsg/trio.c:6482:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, &input, sizeof(char));
data/libxml2-2.9.10+dfsg/triostr.c:167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(string);
data/libxml2-2.9.10+dfsg/triostr.c:230:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(target, source, max - length - 1);
data/libxml2-2.9.10+dfsg/triostr.c:313:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(target, source, max - 1);
data/libxml2-2.9.10+dfsg/uri.c:1620:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len <= 0) len = strlen(str);
data/libxml2-2.9.10+dfsg/uri.c:2058:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(ref->path);
data/libxml2-2.9.10+dfsg/uri.c:2060:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(bas->path);
data/libxml2-2.9.10+dfsg/uri.c:2472:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, (char *) path, len + 1);
data/libxml2-2.9.10+dfsg/valid.c:1301:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/valid.c:1307:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (englob) strcat(buf, "(");
data/libxml2-2.9.10+dfsg/valid.c:1323:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ":");
data/libxml2-2.9.10+dfsg/valid.c:1335:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/valid.c:1355:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/valid.c:1370:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (size - strlen(buf) <= 2) return;
data/libxml2-2.9.10+dfsg/valid.c:1372:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ")");
data/libxml2-2.9.10+dfsg/valid.c:1377:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "?");
data/libxml2-2.9.10+dfsg/valid.c:1380:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "*");
data/libxml2-2.9.10+dfsg/valid.c:1383:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "+");
data/libxml2-2.9.10+dfsg/valid.c:5229:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (glob) strcat(buf, "(");
data/libxml2-2.9.10+dfsg/valid.c:5232:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libxml2-2.9.10+dfsg/valid.c:5247:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ":");
data/libxml2-2.9.10+dfsg/valid.c:5256:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/libxml2-2.9.10+dfsg/valid.c:5266:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/libxml2-2.9.10+dfsg/valid.c:5280:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/libxml2-2.9.10+dfsg/valid.c:5295:15: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (glob) strcat(buf, ")");
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.c:22:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(int handle, char *buffer, unsigned int len)
data/libxml2-2.9.10+dfsg/win32/wince/wincecompat.h:34:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(int handle, char *buffer, unsigned int len);
data/libxml2-2.9.10+dfsg/xmlIO.c:733:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read((int) (ptrdiff_t) context, &buffer[0], len);
data/libxml2-2.9.10+dfsg/xmlIO.c:3522:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((const char *)str);
data/libxml2-2.9.10+dfsg/xmlIO.c:3653:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libxml2-2.9.10+dfsg/xmlIO.c:3754:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir, filename, 1023);
data/libxml2-2.9.10+dfsg/xmlIO.c:3756:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur = &dir[strlen(dir)];
data/libxml2-2.9.10+dfsg/xmlcatalog.c:87:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line_read);
data/libxml2-2.9.10+dfsg/xmllint.c:557:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:596:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:601:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:608:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:612:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:645:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:683:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:718:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:756:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/libxml2-2.9.10+dfsg/xmllint.c:806:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line_read);
data/libxml2-2.9.10+dfsg/xmlmemory.c:510:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(str) + 1;
data/libxml2-2.9.10+dfsg/xmlreader.c:5917:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned long inlen = strlen(input);
data/libxml2-2.9.10+dfsg/xmlregexp.c:4188:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenn = strlen((char *) value2);
data/libxml2-2.9.10+dfsg/xmlregexp.c:4189:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenp = strlen((char *) value);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5782:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenn = strlen((char *) token2);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5783:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenp = strlen((char *) token);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5844:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenn = strlen((char *) token2);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5845:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenp = strlen((char *) token);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5914:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenn = strlen((char *) token2);
data/libxml2-2.9.10+dfsg/xmlregexp.c:5915:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenp = strlen((char *) token);
data/libxml2-2.9.10+dfsg/xmlregexp.c:6069:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenn = strlen((char *) token2);
data/libxml2-2.9.10+dfsg/xmlregexp.c:6070:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenp = strlen((char *) token);
data/libxml2-2.9.10+dfsg/xmlschemas.c:16064:11: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (! equal) {
data/libxml2-2.9.10+dfsg/xmlschemastypes.c:5660:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(work) + 1;
data/libxml2-2.9.10+dfsg/xpath.c:3232:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(work) + 1;
data/libxml2-2.9.10+dfsg/xpath.c:12935:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int equal, ret;
data/libxml2-2.9.10+dfsg/xpath.c:12992:61: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
valuePush(ctxt, xmlXPathCacheNewBoolean(ctxt->context, equal));
data/libxml2-2.9.10+dfsg/xzlib.c:111:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlMalloc(strlen(state->path) + strlen(msg) + 3)) == NULL) {
data/libxml2-2.9.10+dfsg/xzlib.c:111:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlMalloc(strlen(state->path) + strlen(msg) + 3)) == NULL) {
data/libxml2-2.9.10+dfsg/xzlib.c:153:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->path = xmlMalloc(strlen(path) + 1);
data/libxml2-2.9.10+dfsg/xzlib.c:240:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(state->fd, buf + *have, len - *have);
ANALYSIS SUMMARY:
Hits = 863
Lines analyzed = 334147 in approximately 8.31 seconds (40211 lines/second)
Physical Source Lines of Code (SLOC) = 245434
Hits@level = [0] 7251 [1] 234 [2] 491 [3] 28 [4] 109 [5] 1
Hits@level+ = [0+] 8114 [1+] 863 [2+] 629 [3+] 138 [4+] 110 [5+] 1
Hits/KSLOC@level+ = [0+] 33.0598 [1+] 3.51622 [2+] 2.56281 [3+] 0.562269 [4+] 0.448186 [5+] 0.00407442
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.