Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mathtex-1.03/mathtex.c

FINAL RESULTS:

data/mathtex-1.03/mathtex.c:417:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(msgfp,(strlen(label)+strlen(data)<64? \

data/mathtex-1.03/mathtex.c:558:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((thisstr),(thisstr)+thislen); } else

data/mathtex-1.03/mathtex.c:765:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 'c': strcpy(cachepath,field);

data/mathtex-1.03/mathtex.c:774:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  case 'o': strcpy(outfile,field); /* output file for image */

data/mathtex-1.03/mathtex.c:780:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(exprbuffer,argv[argnum]); /* take last unswitched arg */

data/mathtex-1.03/mathtex.c:796:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expression,delim+1); /* shift name= out of expression */

data/mathtex-1.03/mathtex.c:851:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expression,invalid_referer_msg[msgnumber]); /* choose message */

data/mathtex-1.03/mathtex.c:878:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(expression+strlen(expression),"%s\\\\",argv[0]);

data/mathtex-1.03/mathtex.c:880:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(expression+strlen(expression), /* latex path */

data/mathtex-1.03/mathtex.c:883:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(expression+strlen(expression), /* dvipng path */

data/mathtex-1.03/mathtex.c:886:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(expression+strlen(expression), /* dvips path */

data/mathtex-1.03/mathtex.c:889:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(expression+strlen(expression), /* convert path */

data/mathtex-1.03/mathtex.c:911:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(expression+strlen(expression), /* display environment string */

data/mathtex-1.03/mathtex.c:920:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hashexpr,expression); /* save unmodified expr for hash */

data/mathtex-1.03/mathtex.c:942:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(whichmsg, /* display path or "not found" */

data/mathtex-1.03/mathtex.c:946:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(whichmsg,"which(%s) = not permitted", argstring);

data/mathtex-1.03/mathtex.c:1027:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ( !ISGAMMA ) strcpy(gamma,DVIPNGGAMMA); } /* default dvipng gamma */

data/mathtex-1.03/mathtex.c:1031:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ( !ISGAMMA ) strcpy(gamma,CONVERTGAMMA); } /* default convert gamma */

data/mathtex-1.03/mathtex.c:1082:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(msgfp, /* timelimit info */

data/mathtex-1.03/mathtex.c:1253:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(usepackage,packargs[ipackage]); /* add optional arg */

data/mathtex-1.03/mathtex.c:1256:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(usepackage,packages[ipackage]); /* add package name */

data/mathtex-1.03/mathtex.c:1274:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(latexfile,makepath("","latex",".tex")); /* latex filename latex.tex */

data/mathtex-1.03/mathtex.c:1295:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,makepath("",timelimitpath,NULL)); /* timelimit program */

data/mathtex-1.03/mathtex.c:1299:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(command+strlen(command), /* add timelimit args after path */

data/mathtex-1.03/mathtex.c:1303:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(subcommand,makepath("",latexpath,NULL)); /* running latex program */

data/mathtex-1.03/mathtex.c:1307:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,subcommand); /* add latex path (after timelimit)*/

data/mathtex-1.03/mathtex.c:1309:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,latexfile); /* run on latexfile we just wrote */

data/mathtex-1.03/mathtex.c:1312:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("echo \"q\" > reply.txt"); /* reply q to latex error prompt */

data/mathtex-1.03/mathtex.c:1351:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(giffile,makepath(NULL,filename,extensions[imagetype]));

data/mathtex-1.03/mathtex.c:1353:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(giffile,makepath("",outfile,extensions[imagetype]));

data/mathtex-1.03/mathtex.c:1373:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(command,makepath("",dvipngpath,NULL)); /* running dvipng program */

data/mathtex-1.03/mathtex.c:1377:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,dvipngargs); /* add dvipng switches */

data/mathtex-1.03/mathtex.c:1378:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,makepath("","latex",".dvi")); /* run dvipng on latex.dvi */

data/mathtex-1.03/mathtex.c:1381:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  sys_stat = system(command); /* execute the dvipng command */

data/mathtex-1.03/mathtex.c:1397:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(command,makepath("",dvipspath,NULL)); /* running dvips program */

data/mathtex-1.03/mathtex.c:1402:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,makepath("","latex",".dvi")); /* run dvips on latex.dvi */

data/mathtex-1.03/mathtex.c:1404:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,makepath("","dvips",".ps")); /* dvips.ps postscript file */

data/mathtex-1.03/mathtex.c:1407:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  sys_stat = system(command); /* execute system(dvips) */

data/mathtex-1.03/mathtex.c:1425:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(command,makepath("",convertpath,NULL)); /*running convert program*/

data/mathtex-1.03/mathtex.c:1429:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,convertargs); /* add convert switches */

data/mathtex-1.03/mathtex.c:1430:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,makepath("","dvips",".ps")); /* convert from postscript */

data/mathtex-1.03/mathtex.c:1432:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,giffile); /* followed by ../cache/filename */

data/mathtex-1.03/mathtex.c:1435:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  sys_stat = system(command); /* execute system(convert) command */

data/mathtex-1.03/mathtex.c:1534:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ( !ISGAMMA ) strcpy(gamma,CONVERTGAMMA); } }/*default convert gamma*/

data/mathtex-1.03/mathtex.c:1540:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if ( !ISGAMMA ) strcpy(gamma,DVIPNGGAMMA); } }/* default dvipng gamma */

data/mathtex-1.03/mathtex.c:1581:1:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"%s.err",filename); /* look for filename.err */

data/mathtex-1.03/mathtex.c:1586:1:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"grep -i \"%s\" %s.err",filename,filename); /*construct cmd*/

data/mathtex-1.03/mathtex.c:1588:11:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  grepout = popen( command, "r" ); /* issue grep and capture stdout */

data/mathtex-1.03/mathtex.c:1756:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(optstr,nomath(optionalargs[iopt])); /*optional arg string*/

data/mathtex-1.03/mathtex.c:1761:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(display,nomath(command)); /* command without \ */

data/mathtex-1.03/mathtex.c:1765:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(display,optstr); /* insert them before next {arg} */

data/mathtex-1.03/mathtex.c:1768:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(display,nomath(args[iarg])); /* arg */

data/mathtex-1.03/mathtex.c:1772:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(display,displaystring); /* local copy of display template */

data/mathtex-1.03/mathtex.c:1838:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(adbuffer,message); /* copy message template to buffer */

data/mathtex-1.03/mathtex.c:1847:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expression,adbuffer); /* expression mow wrapped in ad */

data/mathtex-1.03/mathtex.c:1943:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(namebuff,cachepath); } /* begin filename with path */

data/mathtex-1.03/mathtex.c:1946:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(namebuff,path); /* begin filename with path */

data/mathtex-1.03/mathtex.c:1949:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(namebuff,(iswindows?"\\":"/")); /* so add windows\ or unix/ */

data/mathtex-1.03/mathtex.c:1954:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(namebuff,name); } /* name concatanated after path/ */

data/mathtex-1.03/mathtex.c:1960:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(namebuff,extension); } /* add extension after path/name. */

data/mathtex-1.03/mathtex.c:1962:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(namebuff, /* add extension without . */

data/mathtex-1.03/mathtex.c:2012:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(directory,dirname); /* start with name given by caller */

data/mathtex-1.03/mathtex.c:2060:1:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"which %s",program); /* construct command */

data/mathtex-1.03/mathtex.c:2062:12:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  whichout = popen( command, "r" ); /* issue which and capture stdout */

data/mathtex-1.03/mathtex.c:2116:1:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"locate -q -r \"/%s$\" | grep \"bin\"",program);

data/mathtex-1.03/mathtex.c:2118:13:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  locateout = popen( command, "r" ); /* issue locate and capture stdout */

data/mathtex-1.03/mathtex.c:2126:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pathbuff,pathline); /* store shortest for caller */

data/mathtex-1.03/mathtex.c:2180:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nextpath,path); /* start with path from caller */

data/mathtex-1.03/mathtex.c:2195:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pnext,entry->d_name); /* add filename to path */

data/mathtex-1.03/mathtex.c:2692:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return ( system(command) ); } /* just issue system(command) */

data/mathtex-1.03/mathtex.c:2714:32:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if ( killtime < 1 ) return ( system(command) ); /* throttling disabled */

data/mathtex-1.03/mathtex.c:2732:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status = system(command); /* ...submits command */

data/mathtex-1.03/mathtex.c:2936:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char *)args,argfld); /* so copy arg field there */

data/mathtex-1.03/mathtex.c:2940:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(argptr,argfld); /* so copy arg field there */

data/mathtex-1.03/mathtex.c:2952:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pfirst,plast); /*squeeze directive out of string*/

data/mathtex-1.03/mathtex.c:3111:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expression,expression+1); /* squeeze out leading $ */

data/mathtex-1.03/mathtex.c:3128:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expression,expression+2); /* squeeze out leading \[ */

data/mathtex-1.03/mathtex.c:3286:1:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(whitespace,WHITESPACE); /*default if no user input for white*/

data/mathtex-1.03/mathtex.c:3289:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(whitespace,white); /* so use caller's white spaces */

data/mathtex-1.03/mathtex.c:3291:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { iscase = 0; strcpy(pwhite,pwhite+1); } /*set flag and squeeze it out*/

data/mathtex-1.03/mathtex.c:3293:20:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { iscase = 0; strcpy(pwhite,pwhite+1); } /*set flag and squeeze it out*/

data/mathtex-1.03/mathtex.c:3295:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(whitespace,WHITESPACE); } /* so revert back to default */

data/mathtex-1.03/mathtex.c:3458:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(from,from+nshift); /* because memory doesn't overlap */

data/mathtex-1.03/mathtex.c:3515:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(snip,snipptr); /* local copy of last snippet */

data/mathtex-1.03/mathtex.c:3941:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(timebuff,"%04d-%02d-%02d:%02d:%02d:%02d%s",

data/mathtex-1.03/mathtex.c:3945:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(timebuff,"%s, %s %d, %d",

data/mathtex-1.03/mathtex.c:3949:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(timebuff,"%s, %s %d, %d, %d:%02d:%02d%s",

data/mathtex-1.03/mathtex.c:3954:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(timebuff,"%d:%02d:%02d%s",

data/mathtex-1.03/mathtex.c:630:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *query = getenv("QUERY_STRING"); /* getenv("QUERY_STRING") result */

data/mathtex-1.03/mathtex.c:643:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *http_referer = getenv("HTTP_REFERER"); /* referer using mathTeX */

data/mathtex-1.03/mathtex.c:734:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  { char *host = getenv("HTTP_HOST"), /* additional getenv("") results */

data/mathtex-1.03/mathtex.c:735:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  *name = getenv("SERVER_NAME"), *addr = getenv("SERVER_ADDR");

data/mathtex-1.03/mathtex.c:735:44:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  *name = getenv("SERVER_NAME"), *addr = getenv("SERVER_ADDR");

data/mathtex-1.03/mathtex.c:1055:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(atoi(timestamp(TZDELTA,4))); /* init rand() with mmddhhmmss */

data/mathtex-1.03/mathtex.c:1876:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *http_referer = getenv("HTTP_REFERER"); /* referer using mathTeX */

data/mathtex-1.03/mathtex.c:191:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char latexpath[256] = LATEX, dvipngpath[256] = DVIPNG,

data/mathtex-1.03/mathtex.c:209:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cachepath[256] = CACHE; /* path to cached image files */

data/mathtex-1.03/mathtex.c:270:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char density[256] = DPI; /*-D/-density arg for dvipng/convert*/

data/mathtex-1.03/mathtex.c:288:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char gamma[256] = GAMMA; /* -gamma arg for convert() */

data/mathtex-1.03/mathtex.c:357:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char packages[9][128]; /* additional package names */

data/mathtex-1.03/mathtex.c:358:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char packargs[9][128]; /* optional arg for package */

data/mathtex-1.03/mathtex.c:469:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char outfile[256] = "\000"; /* output file, or empty for default*/

data/mathtex-1.03/mathtex.c:473:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tempdir[256] = "\000"; /* temporary work directory */

data/mathtex-1.03/mathtex.c:577:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char optionalargs[8][512] = /* buffer for optional args */

data/mathtex-1.03/mathtex.c:627:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char exprbuffer[MAXEXPRSZ+1] = "\000"; /* input TeX expression */

data/mathtex-1.03/mathtex.c:628:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hashexpr[MAXEXPRSZ+1] = "\000"; /* usually use md5 of original expr*/

data/mathtex-1.03/mathtex.c:637:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *getdirective(), argstring[256]; /* look for \density, \usepackage */

data/mathtex-1.03/mathtex.c:697:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char whichtemplate[512] = /* mathTeX which "adtemplate" */

data/mathtex-1.03/mathtex.c:738:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(expression,"\\fbox{\\rm No expression supplied}"); }

data/mathtex-1.03/mathtex.c:770:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case 'm': msglevel = atoi(field); break;

data/mathtex-1.03/mathtex.c:846:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msgnumber = atoi(argstring); } /* requested message number */

data/mathtex-1.03/mathtex.c:862:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msgnumber = atoi(argstring); /* requested message number */

data/mathtex-1.03/mathtex.c:874:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"\\parstyle"); /* set paragraph mode */

data/mathtex-1.03/mathtex.c:875:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"\\small\\tt"); /* set font,size */

data/mathtex-1.03/mathtex.c:876:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"\\fparbox{"); /* emit -Dswitches in framed box */

data/mathtex-1.03/mathtex.c:877:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"Program image...\\\\\n"); /* image */

data/mathtex-1.03/mathtex.c:879:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"Paths...\\\\\n"); /* paths */

data/mathtex-1.03/mathtex.c:904:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"\\parstyle"); /* set paragraph mode */

data/mathtex-1.03/mathtex.c:905:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"\\scriptsize\\tt"); /* set font,size */

data/mathtex-1.03/mathtex.c:906:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expression,"\\noindent"); /* don't indent first line */

data/mathtex-1.03/mathtex.c:907:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(expression,"\\begin{verbatim}"); /* begin verbatim environment */ data/mathtex-1.03/mathtex.c:915:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(expression,"\\end{verbatim}"); /* end verbatim environment */ data/mathtex-1.03/mathtex.c:929:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char whichmsg[512]; /* displayed message */ data/mathtex-1.03/mathtex.c:978:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). isquiet = atoi(argstring); } /* interpret arg as isquiet value */ data/mathtex-1.03/mathtex.c:1008:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(packages[npackages],"color"); /* so \usepackage{color} is needed*/ data/mathtex-1.03/mathtex.c:1049:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(expression,"\\fbox{\\rm No expression supplied}"); /* error msg */ data/mathtex-1.03/mathtex.c:1055:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). srand(atoi(timestamp(TZDELTA,4))); /* init rand() with mmddhhmmss */ data/mathtex-1.03/mathtex.c:1070:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( (msglevel = min2(atoi(argstring),MAXMSGLEVEL)) /*assign new msglevel*/ data/mathtex-1.03/mathtex.c:1073:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). msgfp = fopen(makepath(NULL,md5hash,".out"),"w"); /* file md5hash.out */ data/mathtex-1.03/mathtex.c:1170:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char latexwrapper[MAXEXPRSZ+16384] = data/mathtex-1.03/mathtex.c:1198:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errormsg[1024] = /* latex runs but can't make .dvi */ data/mathtex-1.03/mathtex.c:1201:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usepackage[1024] = "\000"; /* additional \usepackage{}'s */ data/mathtex-1.03/mathtex.c:1202:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convertargs[1024] = /* args/switches for convert */ data/mathtex-1.03/mathtex.c:1206:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dvipngargs[1024] = /* args/switches for dvipng */ data/mathtex-1.03/mathtex.c:1213:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *makepath(), latexfile[256],giffile[256]="\000"; /*path/filename.ext*/ data/mathtex-1.03/mathtex.c:1215:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char command[2048], subcommand[1024]; /* system(command) runs latex, etc */ data/mathtex-1.03/mathtex.c:1250:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(usepackage,"\\usepackage"); /* start with a directive */ data/mathtex-1.03/mathtex.c:1257:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(usepackage,"}\n"); } /* finish constructing directive */ data/mathtex-1.03/mathtex.c:1275:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). latexfp = fopen(latexfile,"w"); /* open latex file for write */ data/mathtex-1.03/mathtex.c:1315:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *freply =fopen("reply.txt","w"); /* open reply.txt for write */ data/mathtex-1.03/mathtex.c:1321:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(command," < reply.txt"); } /*by redirecting stdin to reply.txt*/ data/mathtex-1.03/mathtex.c:1322:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else strcat(command," < /dev/null"); /* or redirect stdin to /dev/null */ data/mathtex-1.03/mathtex.c:1323:1: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command," >latex.out 2>latex.err"); /* redirect stdout and stderr */ data/mathtex-1.03/mathtex.c:1347:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(giffile,"../"); /* output file will be in cache */ data/mathtex-1.03/mathtex.c:1348:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if ( iserror ) strcat(giffile,"../"); /* we're in error subdirectory */ data/mathtex-1.03/mathtex.c:1379:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(command," >dvipng.out 2>dvipng.err"); /* redirect stdout, stderr */ data/mathtex-1.03/mathtex.c:1401:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command," -E "); /* add -E switch and a blank */ data/mathtex-1.03/mathtex.c:1403:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command," -o "); /* to produce output in */ data/mathtex-1.03/mathtex.c:1405:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command," >dvips.out 2>dvips.err"); /* redirect stdout, stderr */ data/mathtex-1.03/mathtex.c:1433:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(command," >convert.out 2>convert.err"); /*redirect stdout, stderr*/ data/mathtex-1.03/mathtex.c:1570:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char command[256]; /* grep program */ data/mathtex-1.03/mathtex.c:1572:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grepline[256]; /* line from grep's stdout */ data/mathtex-1.03/mathtex.c:1704:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char args[10][512]= {"","","","","","","","","",""}; /*\cmd{arg}'s*/ data/mathtex-1.03/mathtex.c:1705:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pargs[11] = { args[0],args[1],args[2],args[3], /* ptrs to them */ data/mathtex-1.03/mathtex.c:1707:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char display[2048], argstr[256], optstr[1024]; /*displaystring with args*/ data/mathtex-1.03/mathtex.c:1760:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(display,"\\mbox{~\\underline{"); /* underline error in \mbox{}*/ data/mathtex-1.03/mathtex.c:1767:14: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(ifmt==0) strcat(display,"\\{"); /* insert leading \{ for arg */ data/mathtex-1.03/mathtex.c:1769:14: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if(ifmt==0) strcat(display,"\\}"); } /* trailing \} for arg */ data/mathtex-1.03/mathtex.c:1770:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(display,"~not~permitted}~}"); } /* finish error, close \mbox{}*/ data/mathtex-1.03/mathtex.c:1780:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(argstr,"#%d",iarg+1); /* #1 in template displays args[0] */ data/mathtex-1.03/mathtex.c:1828:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char adbuffer[MAXEXPRSZ+2048]; /*construct wrapped expression here*/ data/mathtex-1.03/mathtex.c:1883:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (filefp=fopen(makepath(NULL,CACHELOG,NULL),"a")) /*open logfile*/ data/mathtex-1.03/mathtex.c:1932:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuff[512]; /* buffer for constructed filename */ data/mathtex-1.03/mathtex.c:1985:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = (isempty(filename)?NULL:fopen(filename,"r")); /* try to fopen*/ data/mathtex-1.03/mathtex.c:2010:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char directory[512]; /* local copy of dirname */ data/mathtex-1.03/mathtex.c:2045:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char pathbuff[256]; /* buffer for returned path */ data/mathtex-1.03/mathtex.c:2046:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[256]; /* which program */ data/mathtex-1.03/mathtex.c:2103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pathbuff[256]; /* buffer for returned path */ data/mathtex-1.03/mathtex.c:2104:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[256]; /* locate program | grep /program$ */ data/mathtex-1.03/mathtex.c:2106:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathline[256]; /* read locateout one line at a time*/ data/mathtex-1.03/mathtex.c:2161:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char nextpath[512], *pnext=NULL; /* recurse path/filename in dir */ data/mathtex-1.03/mathtex.c:2238:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[MAXGIFSZ+1]; /* bytes from cachefile */ data/mathtex-1.03/mathtex.c:2309:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *cacheptr = fopen(cachefile,"rb"); /*open cachefile for binary read*/ data/mathtex-1.03/mathtex.c:2310:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cachebuff[512]; /* bytes from cachefile */ data/mathtex-1.03/mathtex.c:2333:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer+nbytes,cachebuff,nread); /* copy current block to buffer */ data/mathtex-1.03/mathtex.c:2441:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { static char outstr[64]; data/mathtex-1.03/mathtex.c:2442:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5sum[16]; data/mathtex-1.03/mathtex.c:2449:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( outstr + j*2, "%02x", md5sum[j] ); data/mathtex-1.03/mathtex.c:2563:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. { memcpy( (void *) (ctx->buffer + left), data/mathtex-1.03/mathtex.c:2574:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void *) (ctx->buffer + left), data/mathtex-1.03/mathtex.c:2828:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char argfld[512]; /* {arg} characters */ data/mathtex-1.03/mathtex.c:2896:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argfld,plbrace+1,fldlen); /*copy field chars to local buffer*/ data/mathtex-1.03/mathtex.c:2919:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argfld,plbrace,fldlen); /*copy field chars to local buffer*/ data/mathtex-1.03/mathtex.c:2938:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argptr = ((char **)args)[karg]; /* arg ptr in array of ptrs */ data/mathtex-1.03/mathtex.c:3145:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wstrwhite[128] = "i"; /* whitespace chars for strwstr() */ data/mathtex-1.03/mathtex.c:3179:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char anum[32]; /* chars comprising number after &# */ data/mathtex-1.03/mathtex.c:3189:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). htmlnum = atoi(anum); /* convert anum[] to an integer */ data/mathtex-1.03/mathtex.c:3467:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(from,to,tolen); /* chars moved into place */ data/mathtex-1.03/mathtex.c:3499:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char snip[256], *snipptr = snippets, /* munge through each snippet */ data/mathtex-1.03/mathtex.c:3519:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snip,snipptr,sniplen); /* local copy of snippet chars */ data/mathtex-1.03/mathtex.c:3553:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sbuff[4096]; /* copy of s with no math chars */ data/mathtex-1.03/mathtex.c:3612:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sbuff[4096]; /* line-wrapped copy of s */ data/mathtex-1.03/mathtex.c:3614:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tab[32] = " "; /* tab string */ data/mathtex-1.03/mathtex.c:3719:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qreject[256]="\000", *pq=qreject, *pr=reject; /*find "or' in reject*/ data/mathtex-1.03/mathtex.c:3760:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(segment+seglen,ps,copylen); } /* so copy non-reject chars */

data/mathtex-1.03/mathtex.c:3886:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char timebuff[256]; /* date:time buffer back to caller */

data/mathtex-1.03/mathtex.c:3958:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(timebuff,"%d%02d%02d%02d%02d",

data/mathtex-1.03/mathtex.c:5606:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char image[8192]; /* returned image */

data/mathtex-1.03/mathtex.c:5629:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(image+(istring*stringsz),string,thissz); /* concat string to image*/

data/mathtex-1.03/mathtex.c:417:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(msgfp,(strlen(label)+strlen(data)<64? \

data/mathtex-1.03/mathtex.c:417:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(msgfp,(strlen(label)+strlen(data)<64? \

data/mathtex-1.03/mathtex.c:535:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define lastchar(s) (isempty(s)?'\000':*((s)+(strlen(s)-1)))

data/mathtex-1.03/mathtex.c:552:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int thislen = strlen(thisstr); \

data/mathtex-1.03/mathtex.c:564:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((target),thissource,(n)); \

data/mathtex-1.03/mathtex.c:730:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(query) >= 1 ) /* caller gave us a query string */

data/mathtex-1.03/mathtex.c:766:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(cachepath) < 1 /* path is an empty string */

data/mathtex-1.03/mathtex.c:793:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(memcmp(expression,TEXTAREANAME,strlen(TEXTAREANAME))==0) { /*have form*/

data/mathtex-1.03/mathtex.c:840:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(expression) <= MAXINVALID ) /* and this one is short enough*/

data/mathtex-1.03/mathtex.c:878:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(expression+strlen(expression),"%s\\\\",argv[0]);

data/mathtex-1.03/mathtex.c:880:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(expression+strlen(expression), /* latex path */

data/mathtex-1.03/mathtex.c:883:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(expression+strlen(expression), /* dvipng path */

data/mathtex-1.03/mathtex.c:886:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(expression+strlen(expression), /* dvips path */

data/mathtex-1.03/mathtex.c:889:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(expression+strlen(expression), /* convert path */

data/mathtex-1.03/mathtex.c:892:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(expression,"}"); /* end-of-\fparbox{} */

data/mathtex-1.03/mathtex.c:911:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(expression+strlen(expression), /* display environment string */

data/mathtex-1.03/mathtex.c:933:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int arglen = strlen(argstring); /* #chars in argstring */

data/mathtex-1.03/mathtex.c:1252:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(usepackage,"["); /* begin optional argument */

data/mathtex-1.03/mathtex.c:1254:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(usepackage,"]"); } /* finish optional arg */

data/mathtex-1.03/mathtex.c:1255:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(usepackage,"{"); /* begin package name argument */

data/mathtex-1.03/mathtex.c:1299:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(command+strlen(command), /* add timelimit args after path */

data/mathtex-1.03/mathtex.c:1308:1:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(command," "); /* add a blank before latex args */

data/mathtex-1.03/mathtex.c:1349:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gifpathlen = strlen(giffile); } /* #chars in ../ or ../../ prefix */

data/mathtex-1.03/mathtex.c:1431:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(command," "); /* field separator */

data/mathtex-1.03/mathtex.c:1755:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(optstr,"["); /* leading [ for optional arg */

data/mathtex-1.03/mathtex.c:1757:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(optstr,"]"); } /* trailing ] */

data/mathtex-1.03/mathtex.c:1891:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int loglen = strlen(dashes); /* #chars on line in log file*/

data/mathtex-1.03/mathtex.c:1896:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen(refp) <= loglen ) break; /* no more parts */

data/mathtex-1.03/mathtex.c:1959:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(namebuff,"."); /* so we need to add our own . */

data/mathtex-1.03/mathtex.c:2014:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(directory,"/"); /* so add one ourselves */

data/mathtex-1.03/mathtex.c:2065:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ( (pathchar=fgetc(whichout)) /* get one more char */

data/mathtex-1.03/mathtex.c:2124:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( (linelen=strlen(pathline)) > 0 ) { /* ignore empty lines */

data/mathtex-1.03/mathtex.c:2181:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pnext = nextpath + strlen(path); /* ptr to '\000' at end of path */

data/mathtex-1.03/mathtex.c:2249:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nbytes = (isbuffer<9?strlen((char *)buffptr):isbuffer); }/*determine #bytes*/

data/mathtex-1.03/mathtex.c:2446:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update( &ctx, (uint8 *)instr, strlen(instr) );

data/mathtex-1.03/mathtex.c:2637:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int urllen = strlen(url); /* total length of url string */

data/mathtex-1.03/mathtex.c:2848:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !isalpha((int)(directive[strlen(directive)-1])) )isdalpha=0;/*not alpha*/

data/mathtex-1.03/mathtex.c:2858:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  plast = pfirst + strlen(directive); /*ptr to fist char past directive*/

data/mathtex-1.03/mathtex.c:2991:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int explen = (isempty(expression)?0:strlen(expression)); /*#input chars*/

data/mathtex-1.03/mathtex.c:3139:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int htmllen = strlen(htmlsym), /* length of html token */

data/mathtex-1.03/mathtex.c:3141:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  latexlen = strlen(latexsym); /* length of latex replacement */

data/mathtex-1.03/mathtex.c:3152:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  htmllen = wstrlen = strlen(htmlsym); /*reset length of html token and...*/

data/mathtex-1.03/mathtex.c:3193:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  latexlen = strlen(latexsym); /* and length of latex replacement */

data/mathtex-1.03/mathtex.c:3197:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  latexlen = strlen(latexsym); /* length of latex replacement */

data/mathtex-1.03/mathtex.c:3390:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int fromlen = (from==NULL?0:strlen(from)), /* #chars to be replaced */

data/mathtex-1.03/mathtex.c:3391:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tolen = (to==NULL?0:strlen(to)); /* #chars in replacement string */

data/mathtex-1.03/mathtex.c:3452:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int tolen = (to==NULL?0:strlen(to)), /* #chars in replacement string */

data/mathtex-1.03/mathtex.c:3460:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  { char *pfrom = from+strlen(from); /* ptr to null terminating from */

data/mathtex-1.03/mathtex.c:3632:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tablen = strlen(tab); /* reset to actual tab length */

data/mathtex-1.03/mathtex.c:3652:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rhslen = strlen(sol); /* remaining right hand side chars */

data/mathtex-1.03/mathtex.c:3667:23:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if ( finalnewline ) strcat(sbuff,"\n"); /* replace final newline */

ANALYSIS SUMMARY:

Hits = 250
Lines analyzed = 5635 in approximately 0.36 seconds (15713 lines/second)
Physical Source Lines of Code (SLOC) = 3863
Hits@level = [0]  17 [1]  51 [2] 104 [3]   7 [4]  88 [5]   0
Hits@level+ = [0+] 267 [1+] 250 [2+] 199 [3+]  95 [4+]  88 [5+]   0
Hits/KSLOC@level+ = [0+] 69.1173 [1+] 64.7165 [2+] 51.5144 [3+] 24.5923 [4+] 22.7802 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.