Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/mapcode-2.5.5/mapcodelib/internal_alphabet_recognizer.h Examining data/mapcode-2.5.5/mapcodelib/internal_data.h Examining data/mapcode-2.5.5/mapcodelib/internal_iso3166_data.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_alphabets.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_af.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_ar.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_be.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_cn.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_cs.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_da.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_de.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_en.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_es.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_fi.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_fr.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_he.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_hi.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_hr.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_id.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_it.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_ja.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_ko.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_local.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_nl.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_no.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_pl.h Examining 
data/mapcode-2.5.5/mapcodelib/internal_territory_names_pt.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_ru.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_sv.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_sw.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_tr.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_names_uk.h Examining data/mapcode-2.5.5/mapcodelib/internal_territory_search.h Examining data/mapcode-2.5.5/mapcodelib/mapcode_alphabets.h Examining data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c Examining data/mapcode-2.5.5/mapcodelib/mapcode_legacy.h Examining data/mapcode-2.5.5/mapcodelib/mapcode_territories.h Examining data/mapcode-2.5.5/mapcodelib/mapcoder.c Examining data/mapcode-2.5.5/mapcodelib/mapcoder.h Examining data/mapcode-2.5.5/test/decode_test.h Examining data/mapcode-2.5.5/test/test_territories.h Examining data/mapcode-2.5.5/test/unittest.c Examining data/mapcode-2.5.5/utility/mapcode.cpp FINAL RESULTS: data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c:101:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(romanized, "%s%s%s%s%s", data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c:108:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(asciiBuffer, romanized); data/mapcode-2.5.5/mapcodelib/mapcoder.c:1262:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, result); data/mapcode-2.5.5/mapcodelib/mapcoder.c:1266:33: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, result); data/mapcode-2.5.5/mapcodelib/mapcoder.c:1513:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, input); data/mapcode-2.5.5/mapcodelib/mapcoder.c:1634:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input, dec->mapcode); data/mapcode-2.5.5/mapcodelib/mapcoder.c:1635:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input + dc, dec->mapcode + dc + 1); data/mapcode-2.5.5/mapcodelib/mapcoder.c:1653:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, input); data/mapcode-2.5.5/mapcodelib/mapcoder.c:2833:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(territoryISO, hyphen + 1); data/mapcode-2.5.5/mapcodelib/mapcoder.c:2835:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(territoryISO, alphaCode); data/mapcode-2.5.5/mapcodelib/mapcoder.c:3063:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(mapcode, rlocal.mapcode[0]); data/mapcode-2.5.5/mapcodelib/mapcoder.c:3078:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mapcode, mapcodes.mapcode[indexOfSelected]); data/mapcode-2.5.5/mapcodelib/mapcoder.c:3186:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(territoryName, territoryNamesPiped); data/mapcode-2.5.5/mapcodelib/mapcoder.c:3202:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(territoryName, territoryNamesPiped); // no bracket, return it all data/mapcode-2.5.5/test/unittest.c:74:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(asciiBuffer, "%s%s%s%s%s", data/mapcode-2.5.5/test/unittest.c:516:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(romanized1, "%s %s%s%s (%d;%d)", data/mapcode-2.5.5/test/unittest.c:532:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(romanized2, "%s %s%s%s", data/mapcode-2.5.5/test/unittest.c:635:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(clean, territory); data/mapcode-2.5.5/test/unittest.c:870:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(alphacode, alphaCode); data/mapcode-2.5.5/test/unittest.c:2013:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(format, a); data/mapcode-2.5.5/utility/mapcode.cpp:538:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullcode, ALPHA_SEARCH[a].alphaCode); data/mapcode-2.5.5/utility/mapcode.cpp:544:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullcode + 3, ALPHA_SEARCH[a].alphaCode + 1); data/mapcode-2.5.5/utility/mapcode.cpp:678:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mapcode, mapcodeForCSV[m]); data/mapcode-2.5.5/utility/mapcode.cpp:679:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mapcode, (variant == 1) ? "-bc" : (variant == 2) ? "-DFGHJKLM" : ""); data/mapcode-2.5.5/utility/mapcode.cpp:784:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random) { data/mapcode-2.5.5/utility/mapcode.cpp:787:17: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
srand((unsigned int) seed); data/mapcode-2.5.5/utility/mapcode.cpp:789:17: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned int) time(0)); data/mapcode-2.5.5/utility/mapcode.cpp:806:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random) { data/mapcode-2.5.5/mapcodelib/internal_data.h:27:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *ISO3166_ALPHA[_TERRITORY_MAX - _TERRITORY_MIN - 1] = { data/mapcode-2.5.5/mapcodelib/internal_iso3166_data.h:28:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char PARENT_LETTER[_TERRITORY_MAX - _TERRITORY_MIN] = { data/mapcode-2.5.5/mapcodelib/internal_iso3166_data.h:49:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char PARENT_NUMBER[_TERRITORY_MAX - _TERRITORY_MIN] = { data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char GLOBAL_MAKEISO_BUFFER[2 * (MAX_ISOCODE_LEN + 1)]; data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c:73:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char GLOBAL_ASCII_BUFFER[MAX_MAPCODE_RESULT_LEN]; data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c:100:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char romanized[MAX_MAPCODE_RESULT_LEN]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:193:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char ENCODE_CHARS[34] = { data/mapcode-2.5.5/mapcodelib/mapcoder.c:203:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const signed char decode_chars[256] = { data/mapcode-2.5.5/mapcodelib/mapcoder.c:315:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char DOUBLE_NAN[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F}; // NAN (Not a Number) data/mapcode-2.5.5/mapcodelib/mapcoder.c:316:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char DOUBLE_INF[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0x7F}; // +Infinity data/mapcode-2.5.5/mapcodelib/mapcoder.c:317:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char DOUBLE_MIN_INF[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF0, 0xFF}; // -Infinity data/mapcode-2.5.5/mapcodelib/mapcoder.c:511:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetString, sourceString, (size_t) nrCharacters); data/mapcode-2.5.5/mapcodelib/mapcoder.c:651:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char country[4]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:1225:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char result[128]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:1503:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[MAX_PROPER_MAPCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:1622:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input[8]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:1652:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[32]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:2383:45: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prevu, TERRITORY_BOUNDARY(j), sizeof(TerritoryBoundary)); data/mapcode-2.5.5/mapcodelib/mapcoder.c:2672:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetAsciiString + totalLen, rest, (size_t) tocopy); data/mapcode-2.5.5/mapcodelib/mapcoder.c:2717:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char targetAsciiString[MAX_MAPCODE_RESULT_ASCII_LEN] = ""; data/mapcode-2.5.5/mapcodelib/mapcoder.c:2718:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abjadString[MAX_MAPCODE_RESULT_ASCII_LEN] = ""; data/mapcode-2.5.5/mapcodelib/mapcoder.c:2903:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codeISO[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/mapcodelib/mapcoder.c:3001:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mapcodeElements, &dec.mapcodeElements, sizeof(MapcodeElements)); data/mapcode-2.5.5/mapcodelib/mapcoder.c:3035:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mapcodeElements, &dec.mapcodeElements, sizeof(MapcodeElements)); data/mapcode-2.5.5/mapcodelib/mapcoder.c:3147:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localeUpper[4] = ""; // Default locale is empty (which implies 'fallback'). data/mapcode-2.5.5/mapcodelib/mapcoder.h:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapcode[MAX_NR_OF_MAPCODE_RESULTS][MAX_MAPCODE_RESULT_ASCII_LEN]; // The mapcodes. data/mapcode-2.5.5/mapcodelib/mapcoder.h:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char territoryISO[MAX_ISOCODE_ASCII_LEN + 1]; // The (trimmed and uppercased) territory code, from the input. data/mapcode-2.5.5/mapcodelib/mapcoder.h:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char properMapcode[MAX_PROPER_MAPCODE_ASCII_LEN + 1]; // The (romanised) mapcode excl. territory or extension. data/mapcode-2.5.5/mapcodelib/mapcoder.h:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char precisionExtension[MAX_PRECISION_DIGITS + 1]; // The (romanised) extension (excluding the hyphen). data/mapcode-2.5.5/test/unittest.c:494:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char utf8[MAX_MAPCODE_RESULT_UTF8_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:505:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char romanized1[MAX_MAPCODE_RESULT_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:531:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char romanized2[MAX_MAPCODE_RESULT_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:586:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clean[MAX_MAPCODE_RESULT_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:603:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char territory[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:614:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(territory, s, (size_t) len); data/mapcode-2.5.5/test/unittest.c:642:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(clean + i, s, (size_t) len); data/mapcode-2.5.5/test/unittest.c:865:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nam[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:868:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alphacode[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:905:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nam[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[1]; data/mapcode-2.5.5/test/unittest.c:1328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char largeString[16000]; data/mapcode-2.5.5/test/unittest.c:1515:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s1[1]; data/mapcode-2.5.5/test/unittest.c:1516:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char largeString[16000]; data/mapcode-2.5.5/test/unittest.c:1588:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(csvName, "r"); data/mapcode-2.5.5/test/unittest.c:1593:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXLINESIZE]; data/mapcode-2.5.5/test/unittest.c:1602:59: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). csvTerritoryCode = TERRITORY_OF_INDEX(atoi(s)); data/mapcode-2.5.5/test/unittest.c:1641:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
(atoi(s) != territoryAlphabet->alphabet[csvNrAlphabets - 1])) { data/mapcode-2.5.5/test/unittest.c:1644:74: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). csvNrAlphabets, csvTerritoryCode, atoi(s)); data/mapcode-2.5.5/test/unittest.c:1666:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char territoryName[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1701:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[MAX_MAPCODE_RESULT_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1716:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapcode[MAX_MAPCODE_RESULT_ASCII_LEN]; data/mapcode-2.5.5/test/unittest.c:1767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char gotName[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1771:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1778:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gotName[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1796:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1803:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1816:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gotName[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1820:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1827:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_ISOCODE_ASCII_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1844:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char territoryName[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1024]; // large so we can test overflow data/mapcode-2.5.5/test/unittest.c:1862:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expectedLocalName[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1]; data/mapcode-2.5.5/test/unittest.c:1878:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char s[MAX_ISOCODE_ASCII_LEN + 1];
data/mapcode-2.5.5/test/unittest.c:1898:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[MAX_ISOCODE_ASCII_LEN + 1];
data/mapcode-2.5.5/test/unittest.c:1909:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char territoryNameLocal[MAX_TERRITORY_FULLNAME_UTF8_LEN + 1];
data/mapcode-2.5.5/test/unittest.c:1911:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[MAX_ISOCODE_ASCII_LEN + 1];
data/mapcode-2.5.5/test/unittest.c:2115:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dec[MAX_MAPCODE_RESULT_ASCII_LEN + 1];
data/mapcode-2.5.5/test/unittest.c:2121:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char utf8[MAX_MAPCODE_RESULT_UTF8_LEN + 1];
data/mapcode-2.5.5/test/unittest.c:2151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[1];
data/mapcode-2.5.5/test/unittest.c:2152:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char largeString1[20000];
data/mapcode-2.5.5/test/unittest.c:2153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char largeString2[10000];
data/mapcode-2.5.5/utility/mapcode.cpp:530:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char territoryName[MAX_MAPCODE_RESULT_ASCII_LEN];
data/mapcode-2.5.5/utility/mapcode.cpp:537:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullcode[16];
data/mapcode-2.5.5/utility/mapcode.cpp:542:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fullcode, &parents2[p * 3 - 3], 2);
data/mapcode-2.5.5/utility/mapcode.cpp:675:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asciiString[128];
data/mapcode-2.5.5/utility/mapcode.cpp:677:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mapcode[128];
data/mapcode-2.5.5/utility/mapcode.cpp:702:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  extraDigits = atoi(argv[2]);
data/mapcode-2.5.5/utility/mapcode.cpp:769:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int nrOfPoints = atoi(argv[2]);
data/mapcode-2.5.5/utility/mapcode.cpp:776:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  extraDigits = atoi(argv[3]);
data/mapcode-2.5.5/utility/mapcode.cpp:786:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int seed = atoi(argv[4]);
data/mapcode-2.5.5/mapcodelib/mapcode_legacy.c:107:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int) strlen(romanized) < maxLength) {
data/mapcode-2.5.5/mapcodelib/mapcoder.c:519:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sourceLength = (int) strlen(sourceString);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:654:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(s && ((int) strlen(s) >= len));
data/mapcode-2.5.5/mapcodelib/mapcoder.c:796:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = result + strlen(result);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:843:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT((int) strlen(s) == extraDigits);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1265:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(s, " ");
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1383:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(extrapostfix) > MAX_PRECISION_DIGITS) {
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1501:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int codexlen = (int) (strlen(input) - 1);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1624:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int codexlen = (int) (strlen(dec->mapcode) - 1);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1852:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(s);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1954:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(s);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:1956:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(s + len, postfix, strlen(postfix) + 1);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2257:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((mapcodeElements->territoryCode == TERRITORY_MEX) && (strlen(mapcodeElements->properMapcode) < 8)) {
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2306:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  codex = dec->mapcodeElements.indexOfDot * 9 + (int) strlen(dec->mapcodeElements.properMapcode) - 1;
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2509:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(sourceAsciiString);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2524:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(targetAsciiString);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2665:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int totalLen = (int) strlen(targetAsciiString);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2666:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int needed = (int) strlen(rest);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2753:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = (int) strlen(asciiString);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:2802:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(mapcodeString) < MAX_MAPCODE_RESULT_ASCII_LEN) {
data/mapcode-2.5.5/mapcodelib/mapcoder.c:3146:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int upTo = (int) strlen(locale);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:3185:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(strlen(territoryNamesPiped) <= MAX_TERRITORY_FULLNAME_UTF8_LEN);
data/mapcode-2.5.5/mapcodelib/mapcoder.c:3201:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT(strlen(territoryNamesPiped) <= MAX_TERRITORY_FULLNAME_UTF8_LEN);
data/mapcode-2.5.5/test/unittest.c:629:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(s);
data/mapcode-2.5.5/test/unittest.c:633:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = (int) strlen(territory);
data/mapcode-2.5.5/test/unittest.c:636:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(clean, " ");
data/mapcode-2.5.5/test/unittest.c:647:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  precision = (int) strlen(s + 1);
data/mapcode-2.5.5/test/unittest.c:867:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i <= strlen(alphaCode); i++) {
data/mapcode-2.5.5/test/unittest.c:1875:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int) strlen(territoryName);
data/mapcode-2.5.5/test/unittest.c:2187:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ps) < (sizeof(largeString1) / sizeof(largeString1[0])),
data/mapcode-2.5.5/test/unittest.c:2196:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(ps) < (sizeof(largeString2) / sizeof(largeString2[0])),
data/mapcode-2.5.5/utility/mapcode.cpp:437:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extraDigits = (int) (strlen(suffix) - 1);
data/mapcode-2.5.5/utility/mapcode.cpp:579:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e = s + strlen(s);

ANALYSIS SUMMARY:

Hits = 141
Lines analyzed = 60121 in approximately 2.77 seconds (21738 lines/second)
Physical Source Lines of Code (SLOC) = 57516
Hits@level = [0] 204 [1] 33 [2] 80 [3] 4 [4] 24 [5] 0
Hits@level+ = [0+] 345 [1+] 141 [2+] 108 [3+] 28 [4+] 24 [5+] 0
Hits/KSLOC@level+ = [0+] 5.99833 [1+] 2.45149 [2+] 1.87774 [3+] 0.486821 [4+] 0.417275 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.