Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/link-grammar-5.8.0/bindings/java-jni/jni-client.c
Examining data/link-grammar-5.8.0/bindings/java-jni/jni-client.h
Examining data/link-grammar-5.8.0/bindings/ocaml/linkgrammar.c
Examining data/link-grammar-5.8.0/link-grammar/disjunct-utils.c
Examining data/link-grammar-5.8.0/link-grammar/memory-pool.c
Examining data/link-grammar-5.8.0/link-grammar/api.c
Examining data/link-grammar-5.8.0/link-grammar/malloc-dbg.c
Examining data/link-grammar-5.8.0/link-grammar/print/print-util.h
Examining data/link-grammar-5.8.0/link-grammar/print/print.h
Examining data/link-grammar-5.8.0/link-grammar/print/print.c
Examining data/link-grammar-5.8.0/link-grammar/print/wcwidth.h
Examining data/link-grammar-5.8.0/link-grammar/print/print-util.c
Examining data/link-grammar-5.8.0/link-grammar/print/wcwidth.c
Examining data/link-grammar-5.8.0/link-grammar/string-id.h
Examining data/link-grammar-5.8.0/link-grammar/api-structures.h
Examining data/link-grammar-5.8.0/link-grammar/resources.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/Options.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/Options.cc
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/ParseUtils.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Main.cc
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Solver.cc
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Solver.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/SolverTypes.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Dimacs.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/simp/Main.cc
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/simp/SimpSolver.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/simp/SimpSolver.cc
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Queue.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Alg.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/XAlloc.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Alloc.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Map.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Heap.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Sort.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/IntTypes.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/IntMap.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Vec.h
Examining data/link-grammar-5.8.0/link-grammar/minisat/minisat/mtl/Rnd.h
Examining data/link-grammar-5.8.0/link-grammar/externs.h
Examining data/link-grammar-5.8.0/link-grammar/dict-sql/read-sql.c
Examining data/link-grammar-5.8.0/link-grammar/dict-sql/read-sql.h
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/util.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/trie.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/matrix-ut-test.cpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/word-tag.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.h
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/util.cpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/word-tag.cpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/matrix-ut.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/clock.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/guiding.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/variables.cpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/fast-sprintf.hpp
Examining data/link-grammar-5.8.0/link-grammar/sat-solver/fast-sprintf.cpp
Examining data/link-grammar-5.8.0/link-grammar/disjunct-utils.h
Examining data/link-grammar-5.8.0/link-grammar/error.h
Examining data/link-grammar-5.8.0/link-grammar/string-set.h
Examining data/link-grammar-5.8.0/link-grammar/connectors.c
Examining data/link-grammar-5.8.0/link-grammar/dict-file/read-dialect.c
Examining data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c
Examining data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.h
Examining data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c
Examining data/link-grammar-5.8.0/link-grammar/dict-file/dictionary.c
Examining data/link-grammar-5.8.0/link-grammar/dict-file/word-file.h
Examining data/link-grammar-5.8.0/link-grammar/dict-file/read-dialect.h
Examining data/link-grammar-5.8.0/link-grammar/dict-file/word-file.c
Examining data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.h
Examining data/link-grammar-5.8.0/link-grammar/memory-pool.h
Examining data/link-grammar-5.8.0/link-grammar/const-prime.h
Examining data/link-grammar-5.8.0/link-grammar/link-includes.h
Examining data/link-grammar-5.8.0/link-grammar/connectors.h
Examining data/link-grammar-5.8.0/link-grammar/parse/parse.c
Examining data/link-grammar-5.8.0/link-grammar/parse/fast-match.c
Examining data/link-grammar-5.8.0/link-grammar/parse/prune.c
Examining data/link-grammar-5.8.0/link-grammar/parse/preparation.h
Examining data/link-grammar-5.8.0/link-grammar/parse/count.c
Examining data/link-grammar-5.8.0/link-grammar/parse/preparation.c
Examining data/link-grammar-5.8.0/link-grammar/parse/extract-links.h
Examining data/link-grammar-5.8.0/link-grammar/parse/histogram.c
Examining data/link-grammar-5.8.0/link-grammar/parse/prune.h
Examining data/link-grammar-5.8.0/link-grammar/parse/parse.h
Examining data/link-grammar-5.8.0/link-grammar/parse/count.h
Examining data/link-grammar-5.8.0/link-grammar/parse/extract-links.c
Examining data/link-grammar-5.8.0/link-grammar/parse/fast-match.h
Examining data/link-grammar-5.8.0/link-grammar/parse/histogram.h
Examining data/link-grammar-5.8.0/link-grammar/string-set.c
Examining data/link-grammar-5.8.0/link-grammar/utilities.h
Examining data/link-grammar-5.8.0/link-grammar/lg_assert.h
Examining data/link-grammar-5.8.0/link-grammar/tracon-set.h
Examining data/link-grammar-5.8.0/link-grammar/error.c
Examining data/link-grammar-5.8.0/link-grammar/linkage/score.c
Examining data/link-grammar-5.8.0/link-grammar/linkage/analyze-linkage.c
Examining data/link-grammar-5.8.0/link-grammar/linkage/linkage.h
Examining data/link-grammar-5.8.0/link-grammar/linkage/linkage.c
Examining data/link-grammar-5.8.0/link-grammar/linkage/sane.h
Examining data/link-grammar-5.8.0/link-grammar/linkage/score.h
Examining data/link-grammar-5.8.0/link-grammar/linkage/freeli.c
Examining data/link-grammar-5.8.0/link-grammar/linkage/analyze-linkage.h
Examining data/link-grammar-5.8.0/link-grammar/linkage/lisjuncts.c
Examining data/link-grammar-5.8.0/link-grammar/linkage/lisjuncts.h
Examining data/link-grammar-5.8.0/link-grammar/linkage/sane.c
Examining data/link-grammar-5.8.0/link-grammar/resources.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-affix.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dialect.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-api.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-utils.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-structures.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/regex-morph.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/idiom.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-common.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dialect.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/idiom.c
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-common.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-utils.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/dict-defines.h
Examining data/link-grammar-5.8.0/link-grammar/dict-common/regex-morph.c
Examining data/link-grammar-5.8.0/link-grammar/prepare/build-disjuncts.c
Examining data/link-grammar-5.8.0/link-grammar/prepare/exprune.h
Examining data/link-grammar-5.8.0/link-grammar/prepare/build-disjuncts.h
Examining data/link-grammar-5.8.0/link-grammar/prepare/exprune.c
Examining data/link-grammar-5.8.0/link-grammar/post-process/pp_knowledge.h
Examining data/link-grammar-5.8.0/link-grammar/post-process/pp_linkset.h
Examining data/link-grammar-5.8.0/link-grammar/post-process/pp_lexer.h
Examining data/link-grammar-5.8.0/link-grammar/post-process/pp_linkset.c
Examining data/link-grammar-5.8.0/link-grammar/post-process/post-process.c
Examining data/link-grammar-5.8.0/link-grammar/post-process/post-process.h
Examining data/link-grammar-5.8.0/link-grammar/post-process/pp-structures.h
Examining data/link-grammar-5.8.0/link-grammar/post-process/constituents.c
Examining data/link-grammar-5.8.0/link-grammar/post-process/pp_knowledge.c
Examining data/link-grammar-5.8.0/link-grammar/tracon-set.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.h
Examining data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck-hun.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/tok-structures.h
Examining data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck.h
Examining data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck-aspell.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/wordgraph.c
Examining data/link-grammar-5.8.0/link-grammar/tokenize/wordgraph.h
Examining data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.h
Examining data/link-grammar-5.8.0/link-grammar/tokenize/word-structures.h
Examining data/link-grammar-5.8.0/link-grammar/api-types.h
Examining data/link-grammar-5.8.0/link-grammar/utilities.c
Examining data/link-grammar-5.8.0/link-grammar/string-id.c
Examining data/link-grammar-5.8.0/link-parser/parser-utilities.h
Examining data/link-grammar-5.8.0/link-parser/command-line.c
Examining data/link-grammar-5.8.0/link-parser/lg_readline.h
Examining data/link-grammar-5.8.0/link-parser/lg_readline.c
Examining data/link-grammar-5.8.0/link-parser/link-parser.c
Examining data/link-grammar-5.8.0/link-parser/command-line.h
Examining data/link-grammar-5.8.0/link-parser/parser-utilities.c
Examining data/link-grammar-5.8.0/tests/multi-dict.cc
Examining data/link-grammar-5.8.0/tests/multi-thread.cc
Examining data/link-grammar-5.8.0/tests/multi-java.cc
Examining data/link-grammar-5.8.0/tests/mem-leak.cc
Examining data/link-grammar-5.8.0/tests/dict-reopen.cc
FINAL RESULTS:
data/link-grammar-5.8.0/bindings/java-jni/jni-client.c:83:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, message);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locale_buf, tmpbuf);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:145:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
locale = strcat(locale_buf, tmpbuf);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:75:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, prefix);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:86:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, suffix);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:262:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(combined_dictionary_dir + prefix_len, dictionary_dir);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:268:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(combined_dictionary_dir, dll_path);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:270:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(combined_dictionary_dir, dictionary_dir);
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:865:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(regpat, pattern);
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:941:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(word_boundary_constring+1, constring);
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:128:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(token, dict->token);
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:144:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dict->token, token);
data/link-grammar-5.8.0/link-grammar/dict-sql/read-sql.c:236:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s);
data/link-grammar-5.8.0/link-grammar/error.c:391:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff+1, feature);
data/link-grammar-5.8.0/link-grammar/lg_assert.h:37:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "Fatal error: \nAssertion (" #ex ") failed at " FILELINE ": " __VA_ARGS__); \
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:450:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&s[1], t);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:544:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(join, subscript_mark_str()); /* tentative */
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:599:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(join, sm+1);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:600:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(join, subscript_sep_str);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:676:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s + baselen + 2, regex_name);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:678:22: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (NULL != sm) strcat(s, sm);
data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Main.cc:128:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ret == l_True ? "SATISFIABLE\n" : ret == l_False ? "UNSATISFIABLE\n" : "INDETERMINATE\n");
data/link-grammar-5.8.0/link-grammar/minisat/minisat/simp/Main.cc:146:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(ret == l_True ? "SATISFIABLE\n" : ret == l_False ? "UNSATISFIABLE\n" : "INDETERMINATE\n");
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/Options.cc:64:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, argv[0]);
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/Options.h:285:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "%4" PRIi64, range.begin);
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/Options.h:291:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "%4" PRIi64, range.end);
data/link-grammar-5.8.0/link-grammar/parse/prune.c:44:16: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRx(x) fprintf(stderr, ""#x)
data/link-grammar-5.8.0/link-grammar/print/print-util.c:159:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
templen = vsnprintf(temp_string, TMPLEN, fmt, copy_args);
data/link-grammar-5.8.0/link-grammar/print/print-util.c:174:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
templen = vsnprintf(temp_string, templen+1, fmt, args);
data/link-grammar-5.8.0/link-grammar/print/print-util.c:192:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp_buffer, msg);
data/link-grammar-5.8.0/link-grammar/print/print.c:676:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xpicture[row+2], picture[row]);
data/link-grammar-5.8.0/link-grammar/print/print.c:681:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xpicture[2*row+2],picture[row]);
data/link-grammar-5.8.0/link-grammar/resources.c:152:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s, sizeof(s), fmt, args);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:608:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(affix, stem_position[0]);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:609:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(affix, stemsubscr->string[0]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:239:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_label, w->label);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:246:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_label, op);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:247:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_label, label);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:654:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&buff[1], *affix);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1137:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(alt, w);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1248:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w, word);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1252:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&w[wlen], stemsubscr[si]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1760:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(w, word);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2429:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(seen_word, temp_word);
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:419:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:433:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *const cmdf = popen(cmd, "w");
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:491:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[0], (char **)argv);
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:518:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn, fn1), strcat(fn, "/"), strcat(fn, fn2))
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:518:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcpy(fn, fn1), strcat(fn, "/"), strcat(fn, fn2))
data/link-grammar-5.8.0/link-grammar/utilities.c:276:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (to != from) strcpy(to, from);
data/link-grammar-5.8.0/link-grammar/utilities.c:545:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ds->str+ds->end, str);
data/link-grammar-5.8.0/link-grammar/utilities.c:670:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(locale, lbuf);
data/link-grammar-5.8.0/link-grammar/utilities.c:679:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(locale, lbuf);
data/link-grammar-5.8.0/link-grammar/utilities.c:807:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = vsnprintf(NULL, 0, fmt, vl);
data/link-grammar-5.8.0/link-grammar/utilities.c:810:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(buf, n+1, fmt, vl);
data/link-grammar-5.8.0/link-grammar/utilities.h:70:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/link-grammar-5.8.0/link-grammar/utilities.h:70:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/link-grammar-5.8.0/link-grammar/utilities.h:71:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/link-grammar-5.8.0/link-grammar/utilities.h:212:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define strdupa(s) strcpy(alloca(strlen(s)+1), s)
data/link-grammar-5.8.0/link-parser/command-line.c:387:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(help_filename, HELPFILE_BASE);
data/link-grammar-5.8.0/link-parser/command-line.c:389:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ll_pos, HELPFILE_LANG_TEMPLATE HELPFILE_EXT);
data/link-grammar-5.8.0/link-parser/command-line.c:553:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(URL_LINE, "Overview:", OVERVIEW);
data/link-grammar-5.8.0/link-parser/command-line.c:556:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(URL_LINE, "Home page:", PACKAGE_URL);
data/link-grammar-5.8.0/link-parser/command-line.c:557:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(URL_LINE, "Documentation:", PACKAGE_URL"/dict/");
data/link-grammar-5.8.0/link-parser/command-line.c:560:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(URL_LINE, "Discussion group:", DISCUSSION_GROUP);
data/link-grammar-5.8.0/link-parser/command-line.c:563:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(URL_LINE, "Report bugs to:" , PACKAGE_BUGREPORT"/issues");
data/link-grammar-5.8.0/link-parser/link-parser.c:271:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buff+1, test_name);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:64:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(home, homedrive);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:65:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(home, homepath);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:339:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = vsnprintf(NULL, 0, fmt, vl);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:342:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(buf, n+1, fmt, vl);
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:511:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define TMPDIR (getenv("TEMP") ? getenv("TEMP") : ".")
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:511:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define TMPDIR (getenv("TEMP") ? getenv("TEMP") : ".")
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:513:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define TMPDIR (getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp")
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:513:36: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define TMPDIR (getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp")
data/link-grammar-5.8.0/link-grammar/utilities.c:694:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
ev = getenv(*evname);
data/link-grammar-5.8.0/link-grammar/utilities.c:703:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *ostype = getenv("OSTYPE");
data/link-grammar-5.8.0/link-parser/command-line.c:299:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
lc_all = getenv("LC_ALL");
data/link-grammar-5.8.0/link-parser/command-line.c:310:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
lang = getenv("LANG");
data/link-grammar-5.8.0/link-parser/command-line.c:323:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
language = getenv("LANGUAGE");
data/link-grammar-5.8.0/link-parser/link-parser.c:641:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *ostype = getenv("OSTYPE");
data/link-grammar-5.8.0/link-parser/parser-utilities.c:58:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *homepath = getenv("HOMEPATH");
data/link-grammar-5.8.0/link-parser/parser-utilities.c:60:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *homedrive = getenv("HOMEDRIVE");
data/link-grammar-5.8.0/link-parser/parser-utilities.c:72:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/link-grammar-5.8.0/bindings/java-jni/jni-client.c:82:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "link-grammar JNI:\n");
data/link-grammar-5.8.0/link-grammar/api.c:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[256];
data/link-grammar-5.8.0/link-grammar/api.c:209:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[256];
data/link-grammar-5.8.0/link-grammar/api.c:440:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sent->min_len_encoding = atoi(min_len_encoding+1);
data/link-grammar-5.8.0/link-grammar/api.c:446:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sent->min_len_multi_pruning = atoi(min_len_multi_pruning+1);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-common.h:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_idiom[IDIOM_LINK_SZ];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-common.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[MAX_TOKEN_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:90:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wlocale[LOCALE_NAME_MAX_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:91:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wtmpbuf[LOCALE_NAME_MAX_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[LOCALE_NAME_MAX_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char locale_buf[LOCALE_NAME_MAX_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char locale_ll[4], locale_cc[3];
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:580:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_entry[MAX_WORD+1] = "";
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dll_path[MAX_PATH_NAME] = "";
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:283:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(fullname, how);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:338:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[MAX_PATH_NAME];
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:427:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(fullname, how);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:507:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[64];
data/link-grammar-5.8.0/link-grammar/dict-common/idiom.c:91:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(s);
data/link-grammar-5.8.0/link-grammar/dict-common/idiom.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2*MAX_WORD];
data/link-grammar-5.8.0/link-grammar/dict-common/idiom.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[IDIOM_LINK_SZ+4];
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:43:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TLS char buf[16];
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:373:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TLS char unknown_type[32] = "";
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:392:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TLS char tag_info[64];
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[MAX_WORD + 32];
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:864:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(regpat, "\\[");
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:942:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(word_boundary_constring+1, "( |$)");
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:1356:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *arg[2];
data/link-grammar-5.8.0/link-grammar/dict-common/regex-morph.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[ERRBUFFLEN];
data/link-grammar-5.8.0/link-grammar/dict-file/read-dialect.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINEBUF_SZ];
data/link-grammar-5.8.0/link-grammar/dict-file/read-dialect.c:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LINEBUF_SZ];
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tokens[ERRBUFLEN], t[ERRBUFLEN];
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[MAX_TOKEN_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:184:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char utf8char[MAXUTFLEN];
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:1443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[80+MAX_TOKEN_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_REGEX_NAME_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regex[MAX_REGEX_LENGTH];
data/link-grammar-5.8.0/link-grammar/dict-file/word-file.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[MAX_WORD+4]; /* allow for 4-byte wide chars */
data/link-grammar-5.8.0/link-grammar/dict-sql/read-sql.c:411:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fh = fopen(fullname, "r");
data/link-grammar-5.8.0/link-grammar/disjunct-utils.c:937:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved_memblock, ts->memblock, ts->memblock_sz);
data/link-grammar-5.8.0/link-grammar/disjunct-utils.c:954:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts->memblock, saved_memblock, ts->memblock_sz);
data/link-grammar-5.8.0/link-grammar/error.c:253:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sevlabel = (char *)severity_label_by_level[sev-1];
data/link-grammar-5.8.0/link-grammar/linkage/analyze-linkage.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l[MAX_TOKEN_LENGTH + 1];
data/link-grammar-5.8.0/link-grammar/linkage/analyze-linkage.c:50:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(l, &connector_string(c1)[d1->uc_start], d1->uc_length);
data/link-grammar-5.8.0/link-grammar/linkage/lisjuncts.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char djstr[MAX_LINK_NAME_LENGTH*20]; /* no word will have more than 20 links */
data/link-grammar-5.8.0/link-grammar/linkage/sane.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*nwp)[n].path, path, path_arr_size);
data/link-grammar-5.8.0/link-grammar/memory-pool.c:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[64];
data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Main.cc:97:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* res = (argc >= 3) ? fopen(argv[2], "wb") : NULL;
data/link-grammar-5.8.0/link-grammar/minisat/minisat/core/Solver.cc:941:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(file, "wr");
data/link-grammar-5.8.0/link-grammar/minisat/minisat/simp/Main.cc:101:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* res = (argc >= 3) ? fopen(argv[2], "wb") : NULL;
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:38:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "/proc/%d/statm", pid);
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:39:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* in = fopen(name, "rb");
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:55:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "/proc/%d/status", pid);
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:56:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* in = fopen(name, "rb");
data/link-grammar-5.8.0/link-grammar/parse/count.c:585:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_result[64] = "";
data/link-grammar-5.8.0/link-grammar/parse/prune.c:1012:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xlink_found[32] = "";
data/link-grammar-5.8.0/link-grammar/parse/prune.c:1139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char found_nulls[32] = "";
data/link-grammar-5.8.0/link-grammar/parse/prune.c:1363:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[3];
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:969:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_WORD];
data/link-grammar-5.8.0/link-grammar/post-process/post-process.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mark[MAX_NUM_LINKS];
data/link-grammar-5.8.0/link-grammar/post-process/pp_knowledge.c:401:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/link-grammar-5.8.0/link-grammar/post-process/pp_lexer.h:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *labels[PP_LEXER_MAX_LABELS]; /* array of labels */
data/link-grammar-5.8.0/link-grammar/print/print-util.c:37:10: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
mblen = MultiByteToWideChar(CP_UTF8, 0, s, -1, NULL, 0) - 1;
data/link-grammar-5.8.0/link-grammar/print/print-util.c:50:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, s, -1, ws, mblen);
data/link-grammar-5.8.0/link-grammar/print/print-util.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_buffer[TMPLEN];
data/link-grammar-5.8.0/link-grammar/print/print-util.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/link-grammar-5.8.0/link-grammar/print/print-util.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, mbs, n);
data/link-grammar-5.8.0/link-grammar/resources.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128] = "";
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:311:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME] = "w";
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:378:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_var[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:459:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_var[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:1048:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME] = "0";
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:1049:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name+1, "%dw%dw%d", var, optlw_exists?lv->left_word:255,
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:1122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:1168:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_var[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/sat-encoder.cpp:1218:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_var[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp:246:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/word-tag.cpp:80:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_var[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/sat-solver/word-tag.cpp:116:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_var[MAX_VARIABLE_NAME];
data/link-grammar-5.8.0/link-grammar/string-id.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[0];
data/link-grammar-5.8.0/link-grammar/string-id.c:176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, source_string, len);
data/link-grammar-5.8.0/link-grammar/string-set.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[0];
data/link-grammar-5.8.0/link-grammar/string-set.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, source_string, len);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pl, ps, sizeof(p_start) * p);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:392:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
as->nparts = atoi(regparts->string[0]);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:415:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
as->altsmin = atoi(regalts->string[0]);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:416:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
as->altsmax = atoi(regalts->string[1]);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:417:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((atoi(regalts->string[0]) <= 0) || (atoi(regalts->string[1]) <= 0))
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:417:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((atoi(regalts->string[0]) <= 0) || (atoi(regalts->string[1]) <= 0))
data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck-hun.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hunspell_aff_file[FPATHLEN];
data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck-hun.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hunspell_dic_file[FPATHLEN];
data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck-hun.c:96:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(hunspell_aff_file, "r");
data/link-grammar-5.8.0/link-grammar/tokenize/spellcheck-hun.c:100:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(hunspell_dic_file, "r");
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:46:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef const char *stripped_t[MAX_STRIP];
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:609:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, *affix, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1442:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *split_prefix[HEB_PRENUM_MAX]; /* the whole prefix */
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1919:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *w,
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1920:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char **wend,
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2141:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *dictcap[2];
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:3430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[1024];
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nn[2*sizeof(char *) + 2 + 2 + 1]; /* \"%p\" node name: "0x..."+NUL*/
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:584:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gvf = fopen(gvf_name, "w");
data/link-grammar-5.8.0/link-grammar/utilities.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result, str, size);
data/link-grammar-5.8.0/link-grammar/utilities.c:219:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
nb2 = MultiByteToWideChar(CP_UTF8, 0, s, nb, NULL, 0);
data/link-grammar-5.8.0/link-grammar/utilities.c:220:8: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
nb2 = MultiByteToWideChar(CP_UTF8, 0, s, nb, pwc, nb2);
data/link-grammar-5.8.0/link-grammar/utilities.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low[MB_LEN_MAX];
data/link-grammar-5.8.0/link-grammar/utilities.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char low[MB_LEN_MAX];
data/link-grammar-5.8.0/link-grammar/utilities.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[10];
data/link-grammar-5.8.0/link-grammar/utilities.c:660:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char locale[32];
data/link-grammar-5.8.0/link-grammar/utilities.h:80:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy(x, y, s) memcpy((void *)x, (void *)y, s)
data/link-grammar-5.8.0/link-grammar/utilities.h:80:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy(x, y, s) memcpy((void *)x, (void *)y, s)
data/link-grammar-5.8.0/link-grammar/utilities.h:314:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
return MultiByteToWideChar(CP_UTF8, 0, s, -1, NULL, 0)-1;
data/link-grammar-5.8.0/link-parser/command-line.c:223:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128]; /* Size of buf is much more than we need */
data/link-grammar-5.8.0/link-parser/command-line.c:239:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "(not set)");
data/link-grammar-5.8.0/link-parser/command-line.c:396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ll_pos, ll, HELPFILE_LANG_TEMPLATE_SIZE);
data/link-grammar-5.8.0/link-parser/command-line.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_INPUT]; /* Maximum number of character in a help file line */
data/link-grammar-5.8.0/link-parser/command-line.c:791:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (is_numerical_rhs(y)) val = atoi(y);
data/link-grammar-5.8.0/link-parser/command-line.c:827:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*((char **) as[j].ptr) = y;
data/link-grammar-5.8.0/link-parser/command-line.c:828:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%s set to %s\n", (char *)as[j].string, y);
data/link-grammar-5.8.0/link-parser/lg_readline.c:295:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cwdfd = open(".", O_DIRECTORY|O_PATH);
data/link-grammar-5.8.0/link-parser/link-parser.c:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char input_string[MAX_INPUT];
data/link-grammar-5.8.0/link-parser/link-parser.c:306:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_display = atoi(auto_next_linkage_pos + 1);
data/link-grammar-5.8.0/link-parser/link-parser.c:847:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_fh = fopen(eh_filename, "r");
data/link-grammar-5.8.0/link-parser/parser-utilities.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eh_filename, home, home_len);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:92:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eh_filename + home_len, filename, filename_len + 1);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:111:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t winbuf[MAX_INPUT];
data/link-grammar-5.8.0/link-parser/parser-utilities.c:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char utf8inbuf[MAX_INPUT*4+1];
data/link-grammar-5.8.0/tests/multi-thread.cc:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junk[LIN*WID];
data/link-grammar-5.8.0/bindings/java-jni/jni-client.c:81:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = (char *) malloc(50+strlen(message));
data/link-grammar-5.8.0/link-grammar/api.c:173:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dummy);
data/link-grammar-5.8.0/link-grammar/api.c:184:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff+1, dummy, sizeof(buff)-2);
data/link-grammar-5.8.0/link-grammar/api.c:210:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dummy);
data/link-grammar-5.8.0/link-grammar/api.c:221:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff+1, dummy, sizeof(buff)-2);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:86:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int locale_size = strlen(ll) + 1 + strlen(cc) + 1;
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:86:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int locale_size = strlen(ll) + 1 + strlen(cc) + 1;
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:124:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(locale_buf, "_");
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:147:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int locale_size = strlen(ll) + 1 + strlen(cc) + sizeof(".UTF-8");
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:147:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int locale_size = strlen(ll) + 1 + strlen(cc) + sizeof(".UTF-8");
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:424:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*(char * const *)b) - strlen(*(char * const *)a);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:424:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(*(char * const *)b) - strlen(*(char * const *)a);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:447:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w_len = (NULL == w_sm) ? strlen(w) : (size_t)(w_sm - w);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:455:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(w_last) != w_len) || (0 != strncmp(w_last, w, w_len)))
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:457:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(w_last, w, w_len);
data/link-grammar-5.8.0/link-grammar/dict-common/dict-impl.c:563:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((1 < ac->length) || ((1 == ac->length) && (1 != strlen(ac->string[0]))))
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:59:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pathlen = strlen(path);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:72:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(prefix) + 1 /* len(DIR_SEPARATOR) */ + strlen(suffix);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:72:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(prefix) + 1 /* len(DIR_SEPARATOR) */ + strlen(suffix);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:80:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prel = strlen(path);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:176:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dictionary_dir) > 2) && (':' == dictionary_dir[1]))
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:228:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dll_path) < 3)
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:259:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = prefix_len + strlen(dictionary_dir) + 1;
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:261:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(combined_dictionary_dir, dll_path, prefix_len);
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:266:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dll_path)+1+strlen(dictionary_dir)+1;
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:266:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dll_path)+1+strlen(dictionary_dir)+1;
data/link-grammar-5.8.0/link-grammar/dict-common/file-utils.c:269:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(combined_dictionary_dir, "\\"); /* Mixing / and \ is allowed. */
data/link-grammar-5.8.0/link-grammar/dict-common/idiom.c:55:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:853:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pat_len = strlen(pattern);
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:866:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(regpat, "]");
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:939:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alloca(strlen(constring) + sizeof(added_chars));
data/link-grammar-5.8.0/link-grammar/dict-common/print-dict.c:1283:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(word);
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:139:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tokens, t, ERRBUFLEN-1-pos);
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:388:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s);
data/link-grammar-5.8.0/link-grammar/dict-file/read-dict.c:974:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(dict->token) - 1; /* this must be +, - or $ if a connector */
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:68:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:75:45: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c != EOF) && (c != '\n')) { c = fgetc(fp); }
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:93:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:102:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:114:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:123:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/read-regex.c:143:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/word-file.c:55:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-file/word-file.c:62:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/link-grammar-5.8.0/link-grammar/dict-sql/read-sql.c:225:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * es = malloc(2 * strlen(s) + 1);
data/link-grammar-5.8.0/link-grammar/dict-sql/read-sql.c:229:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, s, q-s+1);
data/link-grammar-5.8.0/link-grammar/error.c:275:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int fmtlen = strlen(fmt);
data/link-grammar-5.8.0/link-grammar/error.c:377:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(feature);
data/link-grammar-5.8.0/link-grammar/error.c:392:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buff, ",");
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:55:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (NULL == sm) sm = (char *)wm + strlen(wm);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:58:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(join_buff, wm, sm-wm-INFIX_MARK_L);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:60:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(join_buff, INFIX_MARK_L+wm, sm-wm-INFIX_MARK_L);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:62:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(join_buff, INFIX_MARK_L+wm, sm-wm-2*INFIX_MARK_L);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:64:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(join_buff, wm, sm-wm);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:75:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
join_len += strlen(wgp[i]->subword);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:102:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (w = start; w <= end; w++) join_len += strlen((*w)->subword);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:447:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(t) + 2;
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:517:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
join_len += strlen(cdjp[j]->word_string) + 1;
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:605:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
join_len = strlen(join);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:642:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int baselen = NULL == sm ? strlen(t) : (size_t)(sm-s);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:672:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = alloca(strlen(t) + strlen(regex_name) + 4);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:672:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = alloca(strlen(t) + strlen(regex_name) + 4);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:673:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, t, baselen);
data/link-grammar-5.8.0/link-grammar/linkage/linkage.c:677:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "]");
data/link-grammar-5.8.0/link-grammar/linkage/lisjuncts.c:114:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cs_lastchar = &cs[strlen(cs)-1];
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/Options.h:371:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (uint32_t i = 0; i < 32 - strlen(name)*2; i++)
data/link-grammar-5.8.0/link-grammar/minisat/minisat/utils/System.cc:62:29: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!feof(in) && fgetc(in) != '\n')
data/link-grammar-5.8.0/link-grammar/parse/prune.c:1612:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_s = strlen(s);
data/link-grammar-5.8.0/link-grammar/parse/prune.c:1619:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_c = strlen(c);
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:1011:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, linkage->word[w], MAX_WORD);
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:1124:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((token[0] == OPEN_BRACKET) && (strlen(token) > 1))
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:1126:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(token) > 1) && (token[strlen(token) - 1] == CLOSE_BRACKET))
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:1126:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(token) > 1) && (token[strlen(token) - 1] == CLOSE_BRACKET))
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:1150:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q[strlen(q)-1]='\0';
data/link-grammar-5.8.0/link-grammar/post-process/constituents.c:1190:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
child_offset = o2 + strlen(n->label) + 2;
data/link-grammar-5.8.0/link-grammar/print/print-util.c:194:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp_buffer, "]");
data/link-grammar-5.8.0/link-grammar/print/print-util.h:50:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return width + strlen(s) - utf8_strwidth(s);
data/link-grammar-5.8.0/link-grammar/print/print.c:70:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
link_len[l->rw] = strlen(l->link_name) +
data/link-grammar-5.8.0/link-grammar/print/print.c:101:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_bytes_in_line += word_offset[i] + 2*strlen(linkage->word[i]) + 1;
data/link-grammar-5.8.0/link-grammar/print/print.c:127:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t twidth = strlen(t);
data/link-grammar-5.8.0/link-grammar/print/print.c:270:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pad += strlen(infword) - utf8_strwidth(infword);
data/link-grammar-5.8.0/link-grammar/print/print.c:612:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(s);
data/link-grammar-5.8.0/link-grammar/print/print.c:806:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exfree(s, strlen(s)+1);
data/link-grammar-5.8.0/link-grammar/print/print.c:811:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exfree(s, strlen(s)+1);
data/link-grammar-5.8.0/link-grammar/print/print.c:816:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exfree(s, strlen(s)+1);
data/link-grammar-5.8.0/link-grammar/print/print.c:836:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(header(print_ps_header)) + strlen(ps) + strlen(trailer(print_ps_header)) + 1;
data/link-grammar-5.8.0/link-grammar/print/print.c:836:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(header(print_ps_header)) + strlen(ps) + strlen(trailer(print_ps_header)) + 1;
data/link-grammar-5.8.0/link-grammar/print/print.c:836:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(header(print_ps_header)) + strlen(ps) + strlen(trailer(print_ps_header)) + 1;
data/link-grammar-5.8.0/link-grammar/print/print.c:840:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exfree(ps, strlen(ps)+1);
data/link-grammar-5.8.0/link-grammar/print/print.c:847:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exfree(s, strlen(s)+1);
data/link-grammar-5.8.0/link-grammar/print/print.c:859:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exfree(s, strlen(s)+1);
data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp:39:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* result = (char*)xalloc((std::max(strlen(connector1), strlen(connector2)) + 1)*
data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp:39:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* result = (char*)xalloc((std::max(strlen(connector1), strlen(connector2)) + 1)*
data/link-grammar-5.8.0/link-grammar/sat-solver/variables.hpp:84:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xfree((*i)->label, strlen((*i)->label));
data/link-grammar-5.8.0/link-grammar/string-id.c:172:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(source_string) + 1;
data/link-grammar-5.8.0/link-grammar/string-set.c:193:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(source_string) + 1;
data/link-grammar-5.8.0/link-grammar/string-set.h:67:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t p1 = ((strlen(s1)+1)&~(sizeof(String_set *)-1))+sizeof(String_set *);
data/link-grammar-5.8.0/link-grammar/string-set.h:68:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t p2 = ((strlen(s2)+1)&~(sizeof(String_set *)-1))+sizeof(String_set *);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:79:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(gw);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:270:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t blen = strlen(word);
data/link-grammar-5.8.0/link-grammar/tokenize/anysplit.c:445:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(word);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:235:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s = (NULL == w->label) ? 0 : strlen(w->label);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:236:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *new_label = alloca(s + strlen(label) + 1 + 2 + 1); /* len+op+()+NUL */
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:244:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_label, "(");
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:248:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (NULL == op) strcat(new_label, ")");
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:328:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((0 == strncmp((*n)->subword, altword0, strlen((*n)->subword))) &&
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1102:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(c);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1130:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(alt, s, c-s);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1239:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t wlen = strlen(word);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1245:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = MAX(slen, strlen(stemsubscr[si]));
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1294:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *wend = w + strlen(w);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1317:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suflen = strlen(*suffix);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1328:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newword, w, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1363:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prelen = strlen(prefix[j]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1372:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newword, w+prelen, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1466:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wordlen = strlen(word); /* guaranteed < MAX_WORD by separate_word() */
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1484:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(mprefix[i]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1485:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wlen = strlen(w);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1534:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(mprefix[pfound]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1613:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int downcase_size = strlen(word)+MB_LEN_MAX+1;
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1767:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(mpunc[i]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:1823:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(lpunc[i]);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2027:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(word, w, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2064:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t sz = (NULL==wend) ? strlen(w) : (size_t)(wend-w);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2265:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(unsplit_word->subword);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2394:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_word, word, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2424:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_word, word, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2462:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_word, word, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2482:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_word, word, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2763:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t sz = (NULL == wend) ? strlen(w) : (size_t)(wend - w);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2767:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(word, w, sz);
data/link-grammar-5.8.0/link-grammar/tokenize/tokenize.c:2788:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_word->start = sent->orig_sentence + strlen(sent->orig_sentence);
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:517:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(fn=alloca(strlen(fn1)+strlen(fn2)+2),\
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:517:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(fn=alloca(strlen(fn1)+strlen(fn2)+2),\
data/link-grammar-5.8.0/link-grammar/tokenize/wg-display.c:518:20: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcpy(fn, fn1), strcat(fn, "/"), strcat(fn, fn2))
data/link-grammar-5.8.0/link-grammar/tokenize/wordgraph.c:449:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(status_str);
data/link-grammar-5.8.0/link-grammar/utilities.c:63:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, errstr, len);
data/link-grammar-5.8.0/link-grammar/utilities.c:150:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(u, v, usize-strlen(u)-1);
data/link-grammar-5.8.0/link-grammar/utilities.c:150:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(u, v, usize-strlen(u)-1);
data/link-grammar-5.8.0/link-grammar/utilities.c:162:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
data/link-grammar-5.8.0/link-grammar/utilities.c:539:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(str);
data/link-grammar-5.8.0/link-grammar/utilities.c:671:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(locale, "-");
data/link-grammar-5.8.0/link-grammar/utilities.h:212:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strdupa(s) strcpy(alloca(strlen(s)+1), s)
data/link-grammar-5.8.0/link-grammar/utilities.h:218:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_s, s, n);
data/link-grammar-5.8.0/link-parser/command-line.c:138:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/link-grammar-5.8.0/link-parser/command-line.c:172:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/link-grammar-5.8.0/link-parser/command-line.c:388:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ll_pos = &help_filename[strlen(help_filename)];
data/link-grammar-5.8.0/link-parser/command-line.c:513:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(line);
data/link-grammar-5.8.0/link-parser/command-line.c:645:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((s != NULL) && strncasecmp(s, "help", strlen(s)) == 0)
data/link-grammar-5.8.0/link-parser/command-line.c:657:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(s, as[i].string, strlen(s)) == 0)
data/link-grammar-5.8.0/link-parser/command-line.c:721:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(s, as[i].string, strlen(s)) == 0)
data/link-grammar-5.8.0/link-parser/command-line.c:724:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(as[i].string) != strlen(s))) continue;
data/link-grammar-5.8.0/link-parser/command-line.c:724:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(as[i].string) != strlen(s))) continue;
data/link-grammar-5.8.0/link-parser/command-line.c:767:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(x, as[i].string, strlen(x)) == 0)
data/link-grammar-5.8.0/link-parser/command-line.c:770:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(as[i].string) != strlen(x))) continue;
data/link-grammar-5.8.0/link-parser/command-line.c:770:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(as[i].string) != strlen(x))) continue;
data/link-grammar-5.8.0/link-parser/command-line.c:845:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp(s, as[i].string, strlen(s)) == 0)
data/link-grammar-5.8.0/link-parser/command-line.c:848:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(as[i].string) != strlen(s))) continue;
data/link-grammar-5.8.0/link-parser/command-line.c:848:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(as[i].string) != strlen(s))) continue;
data/link-grammar-5.8.0/link-parser/command-line.h:18:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define FIELD_WIDTH(str, width) (int)((width)+strlen(str)-utf8_strwidth(str))
data/link-grammar-5.8.0/link-parser/lg_readline.c:102:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addlen = strlen((*match)->string) - len;
data/link-grammar-5.8.0/link-parser/lg_readline.c:159:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addstr, (*start)->string + len, addlen);
data/link-grammar-5.8.0/link-parser/link-parser.c:266:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(test_name);
data/link-grammar-5.8.0/link-parser/link-parser.c:272:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buff, ",");
data/link-grammar-5.8.0/link-parser/link-parser.c:811:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (char *p = &input_string[strlen(input_string)-1];
data/link-grammar-5.8.0/link-parser/link-parser.c:818:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(input_string, WHITESPACE) == strlen(input_string))
data/link-grammar-5.8.0/link-parser/parser-utilities.c:63:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
home = malloc(strlen(homepath) + strlen(homedrive) + 1);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:63:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
home = malloc(strlen(homepath) + strlen(homedrive) + 1);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:87:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t filename_len = strlen(filename);
data/link-grammar-5.8.0/link-parser/parser-utilities.c:88:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t home_len = strlen(home);
ANALYSIS SUMMARY:
Hits = 388
Lines analyzed = 51092 in approximately 1.58 seconds (32300 lines/second)
Physical Source Lines of Code (SLOC) = 33929
Hits@level = [0] 356 [1] 170 [2] 134 [3] 13 [4] 71 [5] 0
Hits@level+ = [0+] 744 [1+] 388 [2+] 218 [3+] 84 [4+] 71 [5+] 0
Hits/KSLOC@level+ = [0+] 21.9281 [1+] 11.4356 [2+] 6.42518 [3+] 2.47576 [4+] 2.09261 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.