Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/neomutt-20201120+dfsg.1/address/address.c
Examining data/neomutt-20201120+dfsg.1/address/address.h
Examining data/neomutt-20201120+dfsg.1/address/group.c
Examining data/neomutt-20201120+dfsg.1/address/group.h
Examining data/neomutt-20201120+dfsg.1/address/idna.c
Examining data/neomutt-20201120+dfsg.1/address/idna2.h
Examining data/neomutt-20201120+dfsg.1/address/lib.h
Examining data/neomutt-20201120+dfsg.1/alias/alias.c
Examining data/neomutt-20201120+dfsg.1/alias/alias.h
Examining data/neomutt-20201120+dfsg.1/alias/array.c
Examining data/neomutt-20201120+dfsg.1/alias/commands.c
Examining data/neomutt-20201120+dfsg.1/alias/config.c
Examining data/neomutt-20201120+dfsg.1/alias/dlgalias.c
Examining data/neomutt-20201120+dfsg.1/alias/dlgquery.c
Examining data/neomutt-20201120+dfsg.1/alias/gui.c
Examining data/neomutt-20201120+dfsg.1/alias/gui.h
Examining data/neomutt-20201120+dfsg.1/alias/lib.h
Examining data/neomutt-20201120+dfsg.1/alias/reverse.c
Examining data/neomutt-20201120+dfsg.1/alias/reverse.h
Examining data/neomutt-20201120+dfsg.1/alias/sort.c
Examining data/neomutt-20201120+dfsg.1/autocrypt/autocrypt.c
Examining data/neomutt-20201120+dfsg.1/autocrypt/config.c
Examining data/neomutt-20201120+dfsg.1/autocrypt/db.c
Examining data/neomutt-20201120+dfsg.1/autocrypt/dlgautocrypt.c
Examining data/neomutt-20201120+dfsg.1/autocrypt/gpgme.c
Examining data/neomutt-20201120+dfsg.1/autocrypt/lib.h
Examining data/neomutt-20201120+dfsg.1/autocrypt/private.h
Examining data/neomutt-20201120+dfsg.1/autocrypt/schema.c
Examining data/neomutt-20201120+dfsg.1/bcache/bcache.c
Examining data/neomutt-20201120+dfsg.1/bcache/lib.h
Examining data/neomutt-20201120+dfsg.1/browser.c
Examining data/neomutt-20201120+dfsg.1/browser.h
Examining data/neomutt-20201120+dfsg.1/command_parse.c
Examining data/neomutt-20201120+dfsg.1/command_parse.h
Examining data/neomutt-20201120+dfsg.1/commands.c
Examining data/neomutt-20201120+dfsg.1/commands.h
Examining data/neomutt-20201120+dfsg.1/complete.c
Examining data/neomutt-20201120+dfsg.1/compmbox/compress.c
Examining data/neomutt-20201120+dfsg.1/compmbox/lib.h
Examining data/neomutt-20201120+dfsg.1/compose/compose.c
Examining data/neomutt-20201120+dfsg.1/compose/config.c
Examining data/neomutt-20201120+dfsg.1/compose/lib.h
Examining data/neomutt-20201120+dfsg.1/compress/compress.c
Examining data/neomutt-20201120+dfsg.1/compress/lib.h
Examining data/neomutt-20201120+dfsg.1/compress/lz4.c
Examining data/neomutt-20201120+dfsg.1/compress/private.h
Examining data/neomutt-20201120+dfsg.1/compress/zlib.c
Examining data/neomutt-20201120+dfsg.1/compress/zstd.c
Examining data/neomutt-20201120+dfsg.1/config/address.c
Examining data/neomutt-20201120+dfsg.1/config/address.h
Examining data/neomutt-20201120+dfsg.1/config/bool.c
Examining data/neomutt-20201120+dfsg.1/config/bool.h
Examining data/neomutt-20201120+dfsg.1/config/charset.c
Examining data/neomutt-20201120+dfsg.1/config/charset.h
Examining data/neomutt-20201120+dfsg.1/config/dump.c
Examining data/neomutt-20201120+dfsg.1/config/dump.h
Examining data/neomutt-20201120+dfsg.1/config/enum.c
Examining data/neomutt-20201120+dfsg.1/config/enum.h
Examining data/neomutt-20201120+dfsg.1/config/helpers.c
Examining data/neomutt-20201120+dfsg.1/config/helpers.h
Examining data/neomutt-20201120+dfsg.1/config/inheritance.h
Examining data/neomutt-20201120+dfsg.1/config/lib.h
Examining data/neomutt-20201120+dfsg.1/config/long.c
Examining data/neomutt-20201120+dfsg.1/config/mbtable.c
Examining data/neomutt-20201120+dfsg.1/config/mbtable.h
Examining data/neomutt-20201120+dfsg.1/config/number.c
Examining data/neomutt-20201120+dfsg.1/config/path.c
Examining data/neomutt-20201120+dfsg.1/config/quad.c
Examining data/neomutt-20201120+dfsg.1/config/quad.h
Examining data/neomutt-20201120+dfsg.1/config/regex.c
Examining data/neomutt-20201120+dfsg.1/config/regex2.h
Examining data/neomutt-20201120+dfsg.1/config/set.c
Examining data/neomutt-20201120+dfsg.1/config/set.h
Examining data/neomutt-20201120+dfsg.1/config/slist.c
Examining data/neomutt-20201120+dfsg.1/config/sort.c
Examining data/neomutt-20201120+dfsg.1/config/sort2.h
Examining data/neomutt-20201120+dfsg.1/config/string.c
Examining data/neomutt-20201120+dfsg.1/config/subset.c
Examining data/neomutt-20201120+dfsg.1/config/subset.h
Examining data/neomutt-20201120+dfsg.1/config/types.h
Examining data/neomutt-20201120+dfsg.1/conn/config.c
Examining data/neomutt-20201120+dfsg.1/conn/connaccount.c
Examining data/neomutt-20201120+dfsg.1/conn/connaccount.h
Examining data/neomutt-20201120+dfsg.1/conn/connection.h
Examining data/neomutt-20201120+dfsg.1/conn/dlgverifycert.c
Examining data/neomutt-20201120+dfsg.1/conn/getdomain.c
Examining data/neomutt-20201120+dfsg.1/conn/gnutls.c
Examining data/neomutt-20201120+dfsg.1/conn/lib.h
Examining data/neomutt-20201120+dfsg.1/conn/openssl.c
Examining data/neomutt-20201120+dfsg.1/conn/private.h
Examining data/neomutt-20201120+dfsg.1/conn/raw.c
Examining data/neomutt-20201120+dfsg.1/conn/sasl.c
Examining data/neomutt-20201120+dfsg.1/conn/sasl.h
Examining data/neomutt-20201120+dfsg.1/conn/sasl_plain.c
Examining data/neomutt-20201120+dfsg.1/conn/sasl_plain.h
Examining data/neomutt-20201120+dfsg.1/conn/socket.c
Examining data/neomutt-20201120+dfsg.1/conn/socket.h
Examining data/neomutt-20201120+dfsg.1/conn/ssl.h
Examining data/neomutt-20201120+dfsg.1/conn/tunnel.c
Examining data/neomutt-20201120+dfsg.1/conn/zstrm.c
Examining data/neomutt-20201120+dfsg.1/conn/zstrm.h
Examining data/neomutt-20201120+dfsg.1/context.c
Examining data/neomutt-20201120+dfsg.1/context.h
Examining data/neomutt-20201120+dfsg.1/copy.c
Examining data/neomutt-20201120+dfsg.1/copy.h
Examining data/neomutt-20201120+dfsg.1/core/account.c
Examining data/neomutt-20201120+dfsg.1/core/account.h
Examining data/neomutt-20201120+dfsg.1/core/lib.h
Examining data/neomutt-20201120+dfsg.1/core/mailbox.c
Examining data/neomutt-20201120+dfsg.1/core/mailbox.h
Examining data/neomutt-20201120+dfsg.1/core/neomutt.c
Examining data/neomutt-20201120+dfsg.1/core/neomutt.h
Examining data/neomutt-20201120+dfsg.1/debug/backtrace.c
Examining data/neomutt-20201120+dfsg.1/debug/common.c
Examining data/neomutt-20201120+dfsg.1/debug/graphviz.c
Examining data/neomutt-20201120+dfsg.1/debug/lib.h
Examining data/neomutt-20201120+dfsg.1/debug/notify.c
Examining data/neomutt-20201120+dfsg.1/debug/parse_test.c
Examining data/neomutt-20201120+dfsg.1/debug/window.c
Examining data/neomutt-20201120+dfsg.1/docs/makedoc.c
Examining data/neomutt-20201120+dfsg.1/docs/makedoc_defs.h
Examining data/neomutt-20201120+dfsg.1/docs/config.c
Examining data/neomutt-20201120+dfsg.1/editmsg.c
Examining data/neomutt-20201120+dfsg.1/email/attach.c
Examining data/neomutt-20201120+dfsg.1/email/attach.h
Examining data/neomutt-20201120+dfsg.1/email/body.c
Examining data/neomutt-20201120+dfsg.1/email/body.h
Examining data/neomutt-20201120+dfsg.1/email/content.h
Examining data/neomutt-20201120+dfsg.1/email/email.c
Examining data/neomutt-20201120+dfsg.1/email/email.h
Examining data/neomutt-20201120+dfsg.1/email/envelope.c
Examining data/neomutt-20201120+dfsg.1/email/envelope.h
Examining data/neomutt-20201120+dfsg.1/email/from.c
Examining data/neomutt-20201120+dfsg.1/email/from.h
Examining data/neomutt-20201120+dfsg.1/email/globals.c
Examining data/neomutt-20201120+dfsg.1/email/globals.h
Examining data/neomutt-20201120+dfsg.1/email/lib.h
Examining data/neomutt-20201120+dfsg.1/email/mime.c
Examining data/neomutt-20201120+dfsg.1/email/mime.h
Examining data/neomutt-20201120+dfsg.1/email/parameter.c
Examining data/neomutt-20201120+dfsg.1/email/parameter.h
Examining data/neomutt-20201120+dfsg.1/email/parse.c
Examining data/neomutt-20201120+dfsg.1/email/parse.h
Examining data/neomutt-20201120+dfsg.1/email/rfc2047.c
Examining data/neomutt-20201120+dfsg.1/email/rfc2047.h
Examining data/neomutt-20201120+dfsg.1/email/rfc2231.c
Examining data/neomutt-20201120+dfsg.1/email/rfc2231.h
Examining data/neomutt-20201120+dfsg.1/email/tags.c
Examining data/neomutt-20201120+dfsg.1/email/tags.h
Examining data/neomutt-20201120+dfsg.1/email/thread.c
Examining data/neomutt-20201120+dfsg.1/email/thread.h
Examining data/neomutt-20201120+dfsg.1/email/url.c
Examining data/neomutt-20201120+dfsg.1/email/url.h
Examining data/neomutt-20201120+dfsg.1/enriched.c
Examining data/neomutt-20201120+dfsg.1/enriched.h
Examining data/neomutt-20201120+dfsg.1/enter.c
Examining data/neomutt-20201120+dfsg.1/enter_state.h
Examining data/neomutt-20201120+dfsg.1/flags.c
Examining data/neomutt-20201120+dfsg.1/format_flags.h
Examining data/neomutt-20201120+dfsg.1/functions.c
Examining data/neomutt-20201120+dfsg.1/functions.h
Examining data/neomutt-20201120+dfsg.1/gui/color.c
Examining data/neomutt-20201120+dfsg.1/gui/color.h
Examining data/neomutt-20201120+dfsg.1/gui/curs_lib.c
Examining data/neomutt-20201120+dfsg.1/gui/curs_lib.h
Examining data/neomutt-20201120+dfsg.1/gui/dialog.c
Examining data/neomutt-20201120+dfsg.1/gui/dialog.h
Examining data/neomutt-20201120+dfsg.1/gui/lib.h
Examining data/neomutt-20201120+dfsg.1/gui/mutt_curses.c
Examining data/neomutt-20201120+dfsg.1/gui/mutt_curses.h
Examining data/neomutt-20201120+dfsg.1/gui/mutt_window.c
Examining data/neomutt-20201120+dfsg.1/gui/mutt_window.h
Examining data/neomutt-20201120+dfsg.1/gui/reflow.c
Examining data/neomutt-20201120+dfsg.1/gui/reflow.h
Examining data/neomutt-20201120+dfsg.1/gui/terminal.c
Examining data/neomutt-20201120+dfsg.1/gui/terminal.h
Examining data/neomutt-20201120+dfsg.1/handler.c
Examining data/neomutt-20201120+dfsg.1/handler.h
Examining data/neomutt-20201120+dfsg.1/hcache/config.c
Examining data/neomutt-20201120+dfsg.1/hcache/hcache.c
Examining data/neomutt-20201120+dfsg.1/hcache/lib.h
Examining data/neomutt-20201120+dfsg.1/hcache/serialize.c
Examining data/neomutt-20201120+dfsg.1/hcache/serialize.h
Examining data/neomutt-20201120+dfsg.1/hdrline.c
Examining data/neomutt-20201120+dfsg.1/hdrline.h
Examining data/neomutt-20201120+dfsg.1/help.c
Examining data/neomutt-20201120+dfsg.1/helpbar/config.c
Examining data/neomutt-20201120+dfsg.1/helpbar/helpbar.c
Examining data/neomutt-20201120+dfsg.1/helpbar/lib.h
Examining data/neomutt-20201120+dfsg.1/helpbar/private.h
Examining data/neomutt-20201120+dfsg.1/helpbar/wdata.c
Examining data/neomutt-20201120+dfsg.1/history/config.c
Examining data/neomutt-20201120+dfsg.1/history/dlghistory.c
Examining data/neomutt-20201120+dfsg.1/history/history.c
Examining data/neomutt-20201120+dfsg.1/history/lib.h
Examining data/neomutt-20201120+dfsg.1/hook.c
Examining data/neomutt-20201120+dfsg.1/hook.h
Examining data/neomutt-20201120+dfsg.1/icommands.c
Examining data/neomutt-20201120+dfsg.1/icommands.h
Examining data/neomutt-20201120+dfsg.1/imap/auth.c
Examining data/neomutt-20201120+dfsg.1/imap/auth.h
Examining data/neomutt-20201120+dfsg.1/imap/auth_anon.c
Examining data/neomutt-20201120+dfsg.1/imap/auth_cram.c
Examining data/neomutt-20201120+dfsg.1/imap/auth_gss.c
Examining data/neomutt-20201120+dfsg.1/imap/auth_login.c
Examining data/neomutt-20201120+dfsg.1/imap/auth_oauth.c
Examining data/neomutt-20201120+dfsg.1/imap/auth_plain.c
Examining data/neomutt-20201120+dfsg.1/imap/auth_sasl.c
Examining data/neomutt-20201120+dfsg.1/imap/browse.c
Examining data/neomutt-20201120+dfsg.1/imap/command.c
Examining data/neomutt-20201120+dfsg.1/imap/config.c
Examining data/neomutt-20201120+dfsg.1/imap/imap.c
Examining data/neomutt-20201120+dfsg.1/imap/lib.h
Examining data/neomutt-20201120+dfsg.1/imap/message.c
Examining data/neomutt-20201120+dfsg.1/imap/message.h
Examining data/neomutt-20201120+dfsg.1/imap/msn.c
Examining data/neomutt-20201120+dfsg.1/imap/msn.h
Examining data/neomutt-20201120+dfsg.1/imap/private.h
Examining data/neomutt-20201120+dfsg.1/imap/search.c
Examining data/neomutt-20201120+dfsg.1/imap/utf7.c
Examining data/neomutt-20201120+dfsg.1/imap/util.c
Examining data/neomutt-20201120+dfsg.1/index.c
Examining data/neomutt-20201120+dfsg.1/index.h
Examining data/neomutt-20201120+dfsg.1/init.h
Examining data/neomutt-20201120+dfsg.1/keymap.c
Examining data/neomutt-20201120+dfsg.1/keymap.h
Examining data/neomutt-20201120+dfsg.1/mailcap.c
Examining data/neomutt-20201120+dfsg.1/mailcap.h
Examining data/neomutt-20201120+dfsg.1/maildir/config.c
Examining data/neomutt-20201120+dfsg.1/maildir/edata.c
Examining data/neomutt-20201120+dfsg.1/maildir/edata.h
Examining data/neomutt-20201120+dfsg.1/maildir/lib.h
Examining data/neomutt-20201120+dfsg.1/maildir/maildir.c
Examining data/neomutt-20201120+dfsg.1/maildir/mdata.c
Examining data/neomutt-20201120+dfsg.1/maildir/mdata.h
Examining data/neomutt-20201120+dfsg.1/maildir/mdemail.c
Examining data/neomutt-20201120+dfsg.1/maildir/mdemail.h
Examining data/neomutt-20201120+dfsg.1/maildir/mh.c
Examining data/neomutt-20201120+dfsg.1/maildir/private.h
Examining data/neomutt-20201120+dfsg.1/maildir/sequence.c
Examining data/neomutt-20201120+dfsg.1/maildir/sequence.h
Examining data/neomutt-20201120+dfsg.1/maildir/shared.c
Examining data/neomutt-20201120+dfsg.1/maillist.c
Examining data/neomutt-20201120+dfsg.1/maillist.h
Examining data/neomutt-20201120+dfsg.1/main.c
Examining data/neomutt-20201120+dfsg.1/main.h
Examining data/neomutt-20201120+dfsg.1/mbox/config.c
Examining data/neomutt-20201120+dfsg.1/mbox/lib.h
Examining data/neomutt-20201120+dfsg.1/mbox/mbox.c
Examining data/neomutt-20201120+dfsg.1/menu.c
Examining data/neomutt-20201120+dfsg.1/monitor.c
Examining data/neomutt-20201120+dfsg.1/monitor.h
Examining data/neomutt-20201120+dfsg.1/mutt.h
Examining data/neomutt-20201120+dfsg.1/mutt/array.h
Examining data/neomutt-20201120+dfsg.1/mutt/base64.c
Examining data/neomutt-20201120+dfsg.1/mutt/base64.h
Examining data/neomutt-20201120+dfsg.1/mutt/buffer.c
Examining data/neomutt-20201120+dfsg.1/mutt/buffer.h
Examining data/neomutt-20201120+dfsg.1/mutt/charset.c
Examining data/neomutt-20201120+dfsg.1/mutt/charset.h
Examining data/neomutt-20201120+dfsg.1/mutt/date.c
Examining data/neomutt-20201120+dfsg.1/mutt/date.h
Examining data/neomutt-20201120+dfsg.1/mutt/envlist.c
Examining data/neomutt-20201120+dfsg.1/mutt/envlist.h
Examining data/neomutt-20201120+dfsg.1/mutt/exit.c
Examining data/neomutt-20201120+dfsg.1/mutt/exit.h
Examining data/neomutt-20201120+dfsg.1/mutt/file.c
Examining data/neomutt-20201120+dfsg.1/mutt/file.h
Examining data/neomutt-20201120+dfsg.1/mutt/filter.c
Examining data/neomutt-20201120+dfsg.1/mutt/filter.h
Examining data/neomutt-20201120+dfsg.1/mutt/hash.c
Examining data/neomutt-20201120+dfsg.1/mutt/hash.h
Examining data/neomutt-20201120+dfsg.1/mutt/lib.h
Examining data/neomutt-20201120+dfsg.1/mutt/list.c
Examining data/neomutt-20201120+dfsg.1/mutt/list.h
Examining data/neomutt-20201120+dfsg.1/mutt/logging.c
Examining data/neomutt-20201120+dfsg.1/mutt/logging.h
Examining data/neomutt-20201120+dfsg.1/mutt/mapping.c
Examining data/neomutt-20201120+dfsg.1/mutt/mapping.h
Examining data/neomutt-20201120+dfsg.1/mutt/mbyte.c
Examining data/neomutt-20201120+dfsg.1/mutt/mbyte.h
Examining data/neomutt-20201120+dfsg.1/mutt/md5.c
Examining data/neomutt-20201120+dfsg.1/mutt/md5.h
Examining data/neomutt-20201120+dfsg.1/mutt/memory.c
Examining data/neomutt-20201120+dfsg.1/mutt/memory.h
Examining data/neomutt-20201120+dfsg.1/mutt/message.h
Examining data/neomutt-20201120+dfsg.1/mutt/notify.c
Examining data/neomutt-20201120+dfsg.1/mutt/notify.h
Examining data/neomutt-20201120+dfsg.1/mutt/notify_type.h
Examining data/neomutt-20201120+dfsg.1/mutt/observer.h
Examining data/neomutt-20201120+dfsg.1/mutt/path.c
Examining data/neomutt-20201120+dfsg.1/mutt/path.h
Examining data/neomutt-20201120+dfsg.1/mutt/pool.c
Examining data/neomutt-20201120+dfsg.1/mutt/pool.h
Examining data/neomutt-20201120+dfsg.1/mutt/prex.c
Examining data/neomutt-20201120+dfsg.1/mutt/prex.h
Examining data/neomutt-20201120+dfsg.1/mutt/queue.h
Examining data/neomutt-20201120+dfsg.1/mutt/random.c
Examining data/neomutt-20201120+dfsg.1/mutt/random.h
Examining data/neomutt-20201120+dfsg.1/mutt/regex.c
Examining data/neomutt-20201120+dfsg.1/mutt/regex3.h
Examining data/neomutt-20201120+dfsg.1/mutt/signal.c
Examining data/neomutt-20201120+dfsg.1/mutt/signal2.h
Examining data/neomutt-20201120+dfsg.1/mutt/slist.c
Examining data/neomutt-20201120+dfsg.1/mutt/slist.h
Examining data/neomutt-20201120+dfsg.1/mutt/string.c
Examining data/neomutt-20201120+dfsg.1/mutt/string2.h
Examining data/neomutt-20201120+dfsg.1/mutt_account.c
Examining data/neomutt-20201120+dfsg.1/mutt_account.h
Examining data/neomutt-20201120+dfsg.1/mutt_attach.c
Examining data/neomutt-20201120+dfsg.1/mutt_attach.h
Examining data/neomutt-20201120+dfsg.1/mutt_body.c
Examining data/neomutt-20201120+dfsg.1/mutt_body.h
Examining data/neomutt-20201120+dfsg.1/mutt_commands.c
Examining data/neomutt-20201120+dfsg.1/mutt_commands.h
Examining data/neomutt-20201120+dfsg.1/mutt_config.c
Examining data/neomutt-20201120+dfsg.1/mutt_globals.h
Examining data/neomutt-20201120+dfsg.1/mutt_header.c
Examining data/neomutt-20201120+dfsg.1/mutt_header.h
Examining data/neomutt-20201120+dfsg.1/mutt_history.c
Examining data/neomutt-20201120+dfsg.1/mutt_history.h
Examining data/neomutt-20201120+dfsg.1/mutt_logging.c
Examining data/neomutt-20201120+dfsg.1/mutt_logging.h
Examining data/neomutt-20201120+dfsg.1/mutt_lua.c
Examining data/neomutt-20201120+dfsg.1/mutt_lua.h
Examining data/neomutt-20201120+dfsg.1/mutt_mailbox.c
Examining data/neomutt-20201120+dfsg.1/mutt_mailbox.h
Examining data/neomutt-20201120+dfsg.1/mutt_menu.h
Examining data/neomutt-20201120+dfsg.1/mutt_options.h
Examining data/neomutt-20201120+dfsg.1/mutt_parse.c
Examining data/neomutt-20201120+dfsg.1/mutt_parse.h
Examining data/neomutt-20201120+dfsg.1/mutt_signal.c
Examining data/neomutt-20201120+dfsg.1/mutt_socket.c
Examining data/neomutt-20201120+dfsg.1/mutt_socket.h
Examining data/neomutt-20201120+dfsg.1/mutt_thread.c
Examining data/neomutt-20201120+dfsg.1/mutt_thread.h
Examining data/neomutt-20201120+dfsg.1/muttlib.c
Examining data/neomutt-20201120+dfsg.1/muttlib.h
Examining data/neomutt-20201120+dfsg.1/mx.c
Examining data/neomutt-20201120+dfsg.1/mx.h
Examining data/neomutt-20201120+dfsg.1/myvar.c
Examining data/neomutt-20201120+dfsg.1/myvar.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/config.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_mod.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_mod.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_mod_pgp_classic.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_mod_pgp_gpgme.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_mod_smime_classic.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/crypt_mod_smime_gpgme.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/cryptglue.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/cryptglue.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/dlgsmime.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/lib.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgp.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgp.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgplib.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgplib.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgpmicalg.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgpmicalg.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgppacket.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/pgppacket.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/private.h
Examining data/neomutt-20201120+dfsg.1/ncrypt/smime.c
Examining data/neomutt-20201120+dfsg.1/ncrypt/smime.h
Examining data/neomutt-20201120+dfsg.1/nntp/browse.c
Examining data/neomutt-20201120+dfsg.1/nntp/complete.c
Examining data/neomutt-20201120+dfsg.1/nntp/config.c
Examining data/neomutt-20201120+dfsg.1/nntp/lib.h
Examining data/neomutt-20201120+dfsg.1/nntp/newsrc.c
Examining data/neomutt-20201120+dfsg.1/nntp/nntp.c
Examining data/neomutt-20201120+dfsg.1/nntp/private.h
Examining data/neomutt-20201120+dfsg.1/notmuch/config.c
Examining data/neomutt-20201120+dfsg.1/notmuch/db.c
Examining data/neomutt-20201120+dfsg.1/notmuch/lib.h
Examining data/neomutt-20201120+dfsg.1/notmuch/notmuch.c
Examining data/neomutt-20201120+dfsg.1/notmuch/private.h
Examining data/neomutt-20201120+dfsg.1/opcodes.c
Examining data/neomutt-20201120+dfsg.1/opcodes.h
Examining data/neomutt-20201120+dfsg.1/options.h
Examining data/neomutt-20201120+dfsg.1/pager.c
Examining data/neomutt-20201120+dfsg.1/pager.h
Examining data/neomutt-20201120+dfsg.1/pattern/compile.c
Examining data/neomutt-20201120+dfsg.1/pattern/config.c
Examining data/neomutt-20201120+dfsg.1/pattern/dlgpattern.c
Examining data/neomutt-20201120+dfsg.1/pattern/exec.c
Examining data/neomutt-20201120+dfsg.1/pattern/flags.c
Examining data/neomutt-20201120+dfsg.1/pattern/lib.h
Examining data/neomutt-20201120+dfsg.1/pattern/pattern.c
Examining data/neomutt-20201120+dfsg.1/pattern/private.h
Examining data/neomutt-20201120+dfsg.1/pgpewrap.c
Examining data/neomutt-20201120+dfsg.1/pop/auth.c
Examining data/neomutt-20201120+dfsg.1/pop/config.c
Examining data/neomutt-20201120+dfsg.1/pop/lib.c
Examining data/neomutt-20201120+dfsg.1/pop/lib.h
Examining data/neomutt-20201120+dfsg.1/pop/pop.c
Examining data/neomutt-20201120+dfsg.1/pop/private.h
Examining data/neomutt-20201120+dfsg.1/postpone.c
Examining data/neomutt-20201120+dfsg.1/progress.c
Examining data/neomutt-20201120+dfsg.1/progress.h
Examining data/neomutt-20201120+dfsg.1/protos.h
Examining data/neomutt-20201120+dfsg.1/recvattach.c
Examining data/neomutt-20201120+dfsg.1/recvattach.h
Examining data/neomutt-20201120+dfsg.1/recvcmd.c
Examining data/neomutt-20201120+dfsg.1/recvcmd.h
Examining data/neomutt-20201120+dfsg.1/remailer.c
Examining data/neomutt-20201120+dfsg.1/remailer.h
Examining data/neomutt-20201120+dfsg.1/resize.c
Examining data/neomutt-20201120+dfsg.1/rfc3676.c
Examining data/neomutt-20201120+dfsg.1/rfc3676.h
Examining data/neomutt-20201120+dfsg.1/score.c
Examining data/neomutt-20201120+dfsg.1/score.h
Examining data/neomutt-20201120+dfsg.1/send/body.c
Examining data/neomutt-20201120+dfsg.1/send/body.h
Examining data/neomutt-20201120+dfsg.1/send/config.c
Examining data/neomutt-20201120+dfsg.1/send/header.c
Examining data/neomutt-20201120+dfsg.1/send/header.h
Examining data/neomutt-20201120+dfsg.1/send/lib.h
Examining data/neomutt-20201120+dfsg.1/send/multipart.c
Examining data/neomutt-20201120+dfsg.1/send/multipart.h
Examining data/neomutt-20201120+dfsg.1/send/send.c
Examining data/neomutt-20201120+dfsg.1/send/send.h
Examining data/neomutt-20201120+dfsg.1/send/sendlib.c
Examining data/neomutt-20201120+dfsg.1/send/sendlib.h
Examining data/neomutt-20201120+dfsg.1/send/sendmail.c
Examining data/neomutt-20201120+dfsg.1/send/sendmail.h
Examining data/neomutt-20201120+dfsg.1/send/smtp.c
Examining data/neomutt-20201120+dfsg.1/send/smtp.h
Examining data/neomutt-20201120+dfsg.1/sidebar/commands.c
Examining data/neomutt-20201120+dfsg.1/sidebar/config.c
Examining data/neomutt-20201120+dfsg.1/sidebar/functions.c
Examining data/neomutt-20201120+dfsg.1/sidebar/lib.h
Examining data/neomutt-20201120+dfsg.1/sidebar/observer.c
Examining data/neomutt-20201120+dfsg.1/sidebar/private.h
Examining data/neomutt-20201120+dfsg.1/sidebar/sidebar.c
Examining data/neomutt-20201120+dfsg.1/sidebar/sort.c
Examining data/neomutt-20201120+dfsg.1/sidebar/wdata.c
Examining data/neomutt-20201120+dfsg.1/sidebar/window.c
Examining data/neomutt-20201120+dfsg.1/sort.c
Examining data/neomutt-20201120+dfsg.1/sort.h
Examining data/neomutt-20201120+dfsg.1/state.c
Examining data/neomutt-20201120+dfsg.1/state.h
Examining data/neomutt-20201120+dfsg.1/status.c
Examining data/neomutt-20201120+dfsg.1/status.h
Examining data/neomutt-20201120+dfsg.1/store/bdb.c
Examining data/neomutt-20201120+dfsg.1/store/gdbm.c
Examining data/neomutt-20201120+dfsg.1/store/kc.c
Examining data/neomutt-20201120+dfsg.1/store/lib.h
Examining data/neomutt-20201120+dfsg.1/store/lmdb.c
Examining data/neomutt-20201120+dfsg.1/store/qdbm.c
Examining data/neomutt-20201120+dfsg.1/store/rocksdb.c
Examining data/neomutt-20201120+dfsg.1/store/store.c
Examining data/neomutt-20201120+dfsg.1/store/tc.c
Examining data/neomutt-20201120+dfsg.1/store/tdb.c
Examining data/neomutt-20201120+dfsg.1/system.c
Examining data/neomutt-20201120+dfsg.1/test/account/account_free.c
Examining data/neomutt-20201120+dfsg.1/test/account/account_mailbox_add.c
Examining data/neomutt-20201120+dfsg.1/test/account/account_mailbox_remove.c
Examining data/neomutt-20201120+dfsg.1/test/account/account_new.c
Examining data/neomutt-20201120+dfsg.1/test/acutest.h
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cmp.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_copy.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_create.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_for_display.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_free.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_new.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_to_intl.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_to_local.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_valid_msgid.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addr_write.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_append.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_clear.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_copy.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_count_recips.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_dedupe.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_equal.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_parse.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_parse2.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_prepend.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_qualify.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_remove.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_remove_xrefs.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_search.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_to_intl.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_to_local.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write.c
Examining data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write_list.c
Examining data/neomutt-20201120+dfsg.1/test/array/mutt_array_api.c
Examining data/neomutt-20201120+dfsg.1/test/attach/mutt_actx_add_attach.c
Examining data/neomutt-20201120+dfsg.1/test/attach/mutt_actx_add_body.c
Examining data/neomutt-20201120+dfsg.1/test/attach/mutt_actx_add_fp.c
Examining data/neomutt-20201120+dfsg.1/test/attach/mutt_actx_entries_free.c
Examining data/neomutt-20201120+dfsg.1/test/attach/mutt_actx_free.c
Examining data/neomutt-20201120+dfsg.1/test/attach/mutt_actx_new.c
Examining data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_buffer_decode.c
Examining data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_buffer_encode.c
Examining data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_decode.c
Examining data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_encode.c
Examining data/neomutt-20201120+dfsg.1/test/body/mutt_body_cmp_strict.c
Examining data/neomutt-20201120+dfsg.1/test/body/mutt_body_free.c
Examining data/neomutt-20201120+dfsg.1/test/body/mutt_body_new.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_add_printf.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addch.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr_n.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_alloc.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_concat_path.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_concatn_path.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_copy.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_dealloc.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_fix_dptr.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_init.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_is_empty.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_len.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_make.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_printf.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_reset.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strcpy.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strcpy_n.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strdup.c
Examining data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_substrcpy.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_canonical_charset.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_charset_lookup.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_check.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_check_charset.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_choose.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_chscmp.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_convert_nonmime_string.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_convert_string.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_fgetconv.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_fgetconv_close.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_fgetconv_open.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_fgetconvs.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_get_default_charset.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_get_langinfo_charset.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_iconv.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_iconv_lookup.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_iconv_open.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_lookup_add.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_lookup_remove.c
Examining data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_set_charset.c
Examining data/neomutt-20201120+dfsg.1/test/common.c
Examining data/neomutt-20201120+dfsg.1/test/compress/common.c
Examining data/neomutt-20201120+dfsg.1/test/compress/common.h
Examining data/neomutt-20201120+dfsg.1/test/compress/lz4.c
Examining data/neomutt-20201120+dfsg.1/test/compress/zlib.c
Examining data/neomutt-20201120+dfsg.1/test/compress/zstd.c
Examining data/neomutt-20201120+dfsg.1/test/config/account.c
Examining data/neomutt-20201120+dfsg.1/test/config/account2.h
Examining data/neomutt-20201120+dfsg.1/test/config/address.c
Examining data/neomutt-20201120+dfsg.1/test/config/address.h
Examining data/neomutt-20201120+dfsg.1/test/config/bool.c
Examining data/neomutt-20201120+dfsg.1/test/config/bool.h
Examining data/neomutt-20201120+dfsg.1/test/config/common.c
Examining data/neomutt-20201120+dfsg.1/test/config/common.h
Examining data/neomutt-20201120+dfsg.1/test/config/dump.c
Examining data/neomutt-20201120+dfsg.1/test/config/enum.c
Examining data/neomutt-20201120+dfsg.1/test/config/enum.h
Examining data/neomutt-20201120+dfsg.1/test/config/helpers.c
Examining data/neomutt-20201120+dfsg.1/test/config/initial.c
Examining data/neomutt-20201120+dfsg.1/test/config/initial.h
Examining data/neomutt-20201120+dfsg.1/test/config/long.c
Examining data/neomutt-20201120+dfsg.1/test/config/long.h
Examining data/neomutt-20201120+dfsg.1/test/config/mbtable.c
Examining data/neomutt-20201120+dfsg.1/test/config/mbtable.h
Examining data/neomutt-20201120+dfsg.1/test/config/number.c
Examining data/neomutt-20201120+dfsg.1/test/config/number.h
Examining data/neomutt-20201120+dfsg.1/test/config/path.c
Examining data/neomutt-20201120+dfsg.1/test/config/path.h
Examining data/neomutt-20201120+dfsg.1/test/config/quad.c
Examining data/neomutt-20201120+dfsg.1/test/config/quad.h
Examining data/neomutt-20201120+dfsg.1/test/config/regex.c
Examining data/neomutt-20201120+dfsg.1/test/config/regex3.h
Examining data/neomutt-20201120+dfsg.1/test/config/set.c
Examining data/neomutt-20201120+dfsg.1/test/config/set.h
Examining data/neomutt-20201120+dfsg.1/test/config/slist.c
Examining data/neomutt-20201120+dfsg.1/test/config/slist.h
Examining data/neomutt-20201120+dfsg.1/test/config/sort.c
Examining data/neomutt-20201120+dfsg.1/test/config/sort.h
Examining data/neomutt-20201120+dfsg.1/test/config/string.c
Examining data/neomutt-20201120+dfsg.1/test/config/string4.h
Examining data/neomutt-20201120+dfsg.1/test/config/subset.c
Examining data/neomutt-20201120+dfsg.1/test/config/synonym.c
Examining data/neomutt-20201120+dfsg.1/test/config/synonym.h
Examining data/neomutt-20201120+dfsg.1/test/config/variable.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_add_timeout.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_check_month.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_epoch.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_epoch_ms.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_gmtime.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_local_tz.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_localtime.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_localtime_format.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_make_date.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_make_imap.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_make_time.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_make_tls.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_normalize_time.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_parse_date.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_parse_imap.c
Examining data/neomutt-20201120+dfsg.1/test/date/mutt_date_sleep_ms.c
Examining data/neomutt-20201120+dfsg.1/test/email/common.c
Examining data/neomutt-20201120+dfsg.1/test/email/common.h
Examining data/neomutt-20201120+dfsg.1/test/email/email_cmp_strict.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_free.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_header_add.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_header_find.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_header_free.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_header_set.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_header_update.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_new.c
Examining data/neomutt-20201120+dfsg.1/test/email/email_size.c
Examining data/neomutt-20201120+dfsg.1/test/email/emaillist_add_email.c
Examining data/neomutt-20201120+dfsg.1/test/email/emaillist_clear.c
Examining data/neomutt-20201120+dfsg.1/test/email/mutt_autocrypthdr_free.c
Examining data/neomutt-20201120+dfsg.1/test/email/mutt_autocrypthdr_new.c
Examining data/neomutt-20201120+dfsg.1/test/envelope/mutt_env_cmp_strict.c
Examining data/neomutt-20201120+dfsg.1/test/envelope/mutt_env_free.c
Examining data/neomutt-20201120+dfsg.1/test/envelope/mutt_env_merge.c
Examining data/neomutt-20201120+dfsg.1/test/envelope/mutt_env_new.c
Examining data/neomutt-20201120+dfsg.1/test/envelope/mutt_env_to_intl.c
Examining data/neomutt-20201120+dfsg.1/test/envelope/mutt_env_to_local.c
Examining data/neomutt-20201120+dfsg.1/test/envlist/mutt_envlist_free.c
Examining data/neomutt-20201120+dfsg.1/test/envlist/mutt_envlist_getlist.c
Examining data/neomutt-20201120+dfsg.1/test/envlist/mutt_envlist_init.c
Examining data/neomutt-20201120+dfsg.1/test/envlist/mutt_envlist_set.c
Examining data/neomutt-20201120+dfsg.1/test/envlist/mutt_envlist_unset.c
Examining data/neomutt-20201120+dfsg.1/test/file/common.c
Examining data/neomutt-20201120+dfsg.1/test/file/common.h
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_buffer_file_expand_fmt_quote.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_buffer_quote_filename.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_check_empty.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add_stat.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm_stat.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_copy_bytes.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_copy_stream.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_decrease_mtime.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_expand_fmt.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_fclose.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_fopen.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_fsync_close.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_get_size.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_get_stat_timespec.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_iter_line.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_lock.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_map_lines.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_mkdir.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_mkstemp_full.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_open.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_quote_filename.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_read_keyword.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_read_line.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_rename.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_resolve_symlink.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_rmtree.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_safe_rename.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_sanitize_filename.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_sanitize_regex.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_set_mtime.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_stat_compare.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_stat_timespec_compare.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_symlink.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_timespec_compare.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_touch_atime.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_unlink.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_unlink_empty.c
Examining data/neomutt-20201120+dfsg.1/test/file/mutt_file_unlock.c
Examining data/neomutt-20201120+dfsg.1/test/filter/filter_create.c
Examining data/neomutt-20201120+dfsg.1/test/filter/filter_create_fd.c
Examining data/neomutt-20201120+dfsg.1/test/filter/filter_wait.c
Examining data/neomutt-20201120+dfsg.1/test/from/is_from.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_group_match.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_add.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_add_addrlist.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_add_regex.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_clear.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_destroy.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_free.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_init.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_remove_addrlist.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_grouplist_remove_regex.c
Examining data/neomutt-20201120+dfsg.1/test/group/mutt_pattern_group.c
Examining data/neomutt-20201120+dfsg.1/test/gui/reflow.c
Examining data/neomutt-20201120+dfsg.1/test/gui/visible.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_delete.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_find.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_find_bucket.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_find_elem.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_free.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_insert.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_int_delete.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_int_find.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_int_insert.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_int_new.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_new.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_set_destructor.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_typed_insert.c
Examining data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_walk.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_add.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_at_scratch.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_free.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_init.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_next.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_prev.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_read_file.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_reset_state.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_save_scratch.c
Examining data/neomutt-20201120+dfsg.1/test/history/mutt_hist_search.c
Examining data/neomutt-20201120+dfsg.1/test/idna/mutt_idna_intl_to_local.c
Examining data/neomutt-20201120+dfsg.1/test/idna/mutt_idna_local_to_intl.c
Examining data/neomutt-20201120+dfsg.1/test/idna/mutt_idna_print_version.c
Examining data/neomutt-20201120+dfsg.1/test/idna/mutt_idna_to_ascii_lz.c
Examining data/neomutt-20201120+dfsg.1/test/list/common.c
Examining data/neomutt-20201120+dfsg.1/test/list/common.h
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_clear.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_compare.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_find.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_free.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_free_type.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_insert_after.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_insert_head.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_insert_tail.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_match.c
Examining data/neomutt-20201120+dfsg.1/test/list/mutt_list_str_split.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_disp_file.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_disp_null.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_disp_queue.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_disp_terminal.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_file_close.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_file_open.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_file_running.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_file_set_filename.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_file_set_level.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_file_set_version.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_queue_add.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_queue_empty.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_queue_flush.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_queue_save.c
Examining data/neomutt-20201120+dfsg.1/test/logging/log_queue_set_max_size.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_changed.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_find.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_find_name.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_free.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_new.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_set_subset.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_size_add.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_size_sub.c
Examining data/neomutt-20201120+dfsg.1/test/mailbox/mailbox_update.c
Examining data/neomutt-20201120+dfsg.1/test/main.c
Examining data/neomutt-20201120+dfsg.1/test/mapping/mutt_map_get_name.c
Examining data/neomutt-20201120+dfsg.1/test/mapping/mutt_map_get_value.c
Examining data/neomutt-20201120+dfsg.1/test/mapping/mutt_map_get_value_n.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_charlen.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_filter_unprintable.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_get_initials.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_is_display_corrupting_utf8.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_is_lower.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_is_shell_char.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_mbstowcs.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_wcstombs.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_wcswidth.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_wcwidth.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_width.c
Examining data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_width_ceiling.c
Examining data/neomutt-20201120+dfsg.1/test/md5/common.c
Examining data/neomutt-20201120+dfsg.1/test/md5/common.h
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5.c
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_bytes.c
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_finish_ctx.c
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_init_ctx.c
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_process.c
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_process_bytes.c
Examining data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_toascii.c
Examining data/neomutt-20201120+dfsg.1/test/memory/mutt_mem_calloc.c
Examining data/neomutt-20201120+dfsg.1/test/memory/mutt_mem_free.c
Examining data/neomutt-20201120+dfsg.1/test/memory/mutt_mem_malloc.c
Examining data/neomutt-20201120+dfsg.1/test/memory/mutt_mem_realloc.c
Examining data/neomutt-20201120+dfsg.1/test/neo/neomutt_account_add.c
Examining data/neomutt-20201120+dfsg.1/test/neo/neomutt_account_remove.c
Examining data/neomutt-20201120+dfsg.1/test/neo/neomutt_free.c
Examining data/neomutt-20201120+dfsg.1/test/neo/neomutt_mailboxlist_clear.c
Examining data/neomutt-20201120+dfsg.1/test/neo/neomutt_mailboxlist_get_all.c
Examining data/neomutt-20201120+dfsg.1/test/neo/neomutt_new.c
Examining data/neomutt-20201120+dfsg.1/test/notify/notify_free.c
Examining data/neomutt-20201120+dfsg.1/test/notify/notify_new.c
Examining data/neomutt-20201120+dfsg.1/test/notify/notify_observer_add.c
Examining data/neomutt-20201120+dfsg.1/test/notify/notify_observer_remove.c
Examining data/neomutt-20201120+dfsg.1/test/notify/notify_send.c
Examining data/neomutt-20201120+dfsg.1/test/notify/notify_set_parent.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_cmp_strict.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_delete.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_free.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_free_one.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_get.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_new.c
Examining data/neomutt-20201120+dfsg.1/test/parameter/mutt_param_set.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_auto_subscribe.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_check_encoding.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_check_mime_type.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_extract_message_id.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_is_message_type.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_matches_ignore.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_parse_content_type.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_parse_mailto.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_parse_multipart.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_parse_part.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_read_mime_header.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_rfc822_parse_line.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_rfc822_parse_message.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_rfc822_read_header.c
Examining data/neomutt-20201120+dfsg.1/test/parse/mutt_rfc822_read_line.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_abbr_folder.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_basename.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_canon.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_concat.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_dirname.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_escape.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_getcwd.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_parent.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_pretty.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_realpath.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_tidy.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_tidy_dotdot.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_tidy_slash.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_tilde.c
Examining data/neomutt-20201120+dfsg.1/test/path/mutt_path_to_absolute.c
Examining data/neomutt-20201120+dfsg.1/test/pattern/comp.c
Examining data/neomutt-20201120+dfsg.1/test/pattern/dummy.c
Examining data/neomutt-20201120+dfsg.1/test/pattern/extract.c
Examining data/neomutt-20201120+dfsg.1/test/pool/mutt_buffer_pool_free.c
Examining data/neomutt-20201120+dfsg.1/test/pool/mutt_buffer_pool_get.c
Examining data/neomutt-20201120+dfsg.1/test/pool/mutt_buffer_pool_release.c
Examining data/neomutt-20201120+dfsg.1/test/prex/mutt_prex_capture.c
Examining data/neomutt-20201120+dfsg.1/test/prex/mutt_prex_free.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regex_capture.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regex_compile.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regex_free.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regex_match.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regex_new.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regexlist_add.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regexlist_free.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regexlist_match.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regexlist_new.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_regexlist_remove.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_add.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_apply.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_free.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_match.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_new.c
Examining data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_remove.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/common.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/common.h
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/rfc2047_decode.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/rfc2047_decode_addrlist.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/rfc2047_decode_envelope.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/rfc2047_encode.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/rfc2047_encode_addrlist.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2047/rfc2047_encode_envelope.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2231/rfc2231_decode_parameters.c
Examining data/neomutt-20201120+dfsg.1/test/rfc2231/rfc2231_encode_string.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_allow_interrupt.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_block.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_block_system.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_empty_handler.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_exit_handler.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_init.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_unblock.c
Examining data/neomutt-20201120+dfsg.1/test/signal/mutt_sig_unblock_system.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_add_list.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_add_string.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_compare.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_dup.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_empty.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_free.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_is_member.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_parse.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_remove_string.c
Examining data/neomutt-20201120+dfsg.1/test/slist/slist_to_buffer.c
Examining data/neomutt-20201120+dfsg.1/test/store/bdb.c
Examining data/neomutt-20201120+dfsg.1/test/store/common.c
Examining data/neomutt-20201120+dfsg.1/test/store/common.h
Examining data/neomutt-20201120+dfsg.1/test/store/gdbm.c
Examining data/neomutt-20201120+dfsg.1/test/store/kc.c
Examining data/neomutt-20201120+dfsg.1/test/store/lmdb.c
Examining data/neomutt-20201120+dfsg.1/test/store/qdbm.c
Examining data/neomutt-20201120+dfsg.1/test/store/rocksdb.c
Examining data/neomutt-20201120+dfsg.1/test/store/store.c
Examining data/neomutt-20201120+dfsg.1/test/store/tc.c
Examining data/neomutt-20201120+dfsg.1/test/store/tdb.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_istr_equal.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_istr_find.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_istr_remall.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_istrn_cmp.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_istrn_equal.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_adjust.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_append_item.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_asprintf.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_atoi.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_atol.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_atos.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_atoui.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_atoul.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_atoull.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_coll.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_copy.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_dequote_comment.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_dup.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_equal.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_find_word.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_getenv.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_inline_replace.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_is_ascii.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_is_email_wsp.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_len.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_lower.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_lws_len.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_lws_rlen.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_next_word.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_remove_trailing_ws.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_replace.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_skip_email_wsp.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_skip_whitespace.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_startswith.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_str_sysexit.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_strn_dup.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_strn_equal.c
Examining data/neomutt-20201120+dfsg.1/test/string/mutt_strn_rfind.c
Examining data/neomutt-20201120+dfsg.1/test/tags/driver_tags_free.c
Examining data/neomutt-20201120+dfsg.1/test/tags/driver_tags_get.c
Examining data/neomutt-20201120+dfsg.1/test/tags/driver_tags_get_transformed.c
Examining data/neomutt-20201120+dfsg.1/test/tags/driver_tags_get_transformed_for.c
Examining data/neomutt-20201120+dfsg.1/test/tags/driver_tags_get_with_hidden.c
Examining data/neomutt-20201120+dfsg.1/test/tags/driver_tags_replace.c
Examining data/neomutt-20201120+dfsg.1/test/test_common.h
Examining data/neomutt-20201120+dfsg.1/test/thread/clean_references.c
Examining data/neomutt-20201120+dfsg.1/test/thread/find_virtual.c
Examining data/neomutt-20201120+dfsg.1/test/thread/insert_message.c
Examining data/neomutt-20201120+dfsg.1/test/thread/is_descendant.c
Examining data/neomutt-20201120+dfsg.1/test/thread/mutt_break_thread.c
Examining data/neomutt-20201120+dfsg.1/test/thread/thread_hash_destructor.c
Examining data/neomutt-20201120+dfsg.1/test/thread/unlink_message.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_check_scheme.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_free.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_parse.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_pct_decode.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_pct_encode.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_tobuffer.c
Examining data/neomutt-20201120+dfsg.1/test/url/url_tostring.c
Examining data/neomutt-20201120+dfsg.1/version.c
Examining data/neomutt-20201120+dfsg.1/version.h
Examining data/neomutt-20201120+dfsg.1/wcscasecmp.c
Examining data/neomutt-20201120+dfsg.1/where.h
Examining data/neomutt-20201120+dfsg.1/init.c
FINAL RESULTS:
data/neomutt-20201120+dfsg.1/mutt/file.c:1047:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(path, mode);
data/neomutt-20201120+dfsg.1/mutt/file.c:1103:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(path, st->st_mode | mode);
data/neomutt-20201120+dfsg.1/mutt/file.c:1159:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(path, st->st_mode & ~mode);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod.c:71:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0000) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add.c:71:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0444) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add.c:81:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0666) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add_stat.c:62:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0444) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add_stat.c:73:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0666) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm.c:71:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0666) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm.c:81:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0444) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm_stat.c:62:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0666) == 0);
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm_stat.c:73:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
TEST_CHECK(chmod(first, 0444) == 0);
data/neomutt-20201120+dfsg.1/address/address.c:661:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(p, "%s@%s", a->mailbox, host);
data/neomutt-20201120+dfsg.1/address/idna.c:239:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mailbox, "%s@%s", NONULL(local_user), NONULL(local_domain));
data/neomutt-20201120+dfsg.1/address/idna.c:297:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mailbox, "%s@%s", NONULL(intl_user), NONULL(intl_domain));
data/neomutt-20201120+dfsg.1/alias/dlgalias.c:99:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, av->is_deleted ? "D" : " ");
data/neomutt-20201120+dfsg.1/alias/dlgalias.c:103:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, av->num + 1);
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:163:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, av->num + 1);
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:176:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, av->is_tagged ? '*' : ' ');
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:180:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, op);
data/neomutt-20201120+dfsg.1/autocrypt/dlgautocrypt.c:114:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, tmp, entry->num);
data/neomutt-20201120+dfsg.1/autocrypt/dlgautocrypt.c:300:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(msg, sizeof(msg),
data/neomutt-20201120+dfsg.1/browser.c:372:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->num + 1);
data/neomutt-20201120+dfsg.1/browser.c:478:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->gid);
data/neomutt-20201120+dfsg.1/browser.c:510:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->nlink);
data/neomutt-20201120+dfsg.1/browser.c:522:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->msg_count);
data/neomutt-20201120+dfsg.1/browser.c:533:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->has_new_mail ? 'N' : ' ');
data/neomutt-20201120+dfsg.1/browser.c:542:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->msg_unread);
data/neomutt-20201120+dfsg.1/browser.c:556:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, fn);
data/neomutt-20201120+dfsg.1/browser.c:564:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->tagged ? '*' : ' ');
data/neomutt-20201120+dfsg.1/browser.c:576:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->uid);
data/neomutt-20201120+dfsg.1/browser.c:585:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, op);
data/neomutt-20201120+dfsg.1/command_parse.c:318:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&tmpminor[1], a->minor);
data/neomutt-20201120+dfsg.1/commands.c:469:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(scratch, sizeof(scratch),
data/neomutt-20201120+dfsg.1/compmbox/compress.c:446:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!ci->cmd_close || (access(mailbox_path(m), W_OK) != 0))
data/neomutt-20201120+dfsg.1/compmbox/compress.c:691:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access(m->realpath, F_OK) == 0) && ci->cmd_append)
data/neomutt-20201120+dfsg.1/compmbox/compress.c:716:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access(mailbox_path(m), F_OK) != 0) && !C_SaveEmpty)
data/neomutt-20201120+dfsg.1/compose/compose.c:859:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
more_len = snprintf(more, sizeof(more),
data/neomutt-20201120+dfsg.1/compose/compose.c:1344:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, menu->max);
data/neomutt-20201120+dfsg.1/compose/compose.c:1349:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(ShortHostname));
data/neomutt-20201120+dfsg.1/compose/compose.c:1355:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, tmp);
data/neomutt-20201120+dfsg.1/compose/compose.c:1851:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(group->description, ALTS_TAG, p);
data/neomutt-20201120+dfsg.1/compose/compose.c:1948:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(group->description, LINGUAL_TAG, p);
data/neomutt-20201120+dfsg.1/compose/compose.c:2108:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(&fname), R_OK) == -1)
data/neomutt-20201120+dfsg.1/conn/tunnel.c:104:5: [4] (shell) execle:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execle(EXEC_SHELL, "sh", "-c", C_Tunnel, NULL, mutt_envlist_getlist());
data/neomutt-20201120+dfsg.1/copy.c:332:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(this_one + this_one_len, buf);
data/neomutt-20201120+dfsg.1/copy.c:1034:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p + plen, cbuf);
data/neomutt-20201120+dfsg.1/copy.c:1036:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p + plen, buf);
data/neomutt-20201120+dfsg.1/copy.c:1038:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p + plen, c2buf);
data/neomutt-20201120+dfsg.1/debug/parse_test.c:85:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(line, sizeof(line), tests[t], commands[c], vars[v]);
data/neomutt-20201120+dfsg.1/email/rfc2231.c:211:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value + l, par->value);
data/neomutt-20201120+dfsg.1/enriched.c:257:5: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(stte->line, stte->buffer);
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:809:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pc, "%s: ", prompt);
data/neomutt-20201120+dfsg.1/handler.c:867:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(strbuf, sizeof(strbuf), str, TYPE(b->parts), b->parts->subtype,
data/neomutt-20201120+dfsg.1/hdrline.c:585:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, e->msgno + 1);
data/neomutt-20201120+dfsg.1/hdrline.c:781:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, mutt_messages_in_thread(m, e, 1));
data/neomutt-20201120+dfsg.1/hdrline.c:788:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, mutt_messages_in_thread(m, e, 0));
data/neomutt-20201120+dfsg.1/hdrline.c:928:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf + colorlen, buflen - colorlen, fmt, (int) e->lines);
data/neomutt-20201120+dfsg.1/hdrline.c:954:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_count);
data/neomutt-20201120+dfsg.1/hdrline.c:973:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf + colorlen, buflen - colorlen, fmt, e->num_hidden);
data/neomutt-20201120+dfsg.1/hdrline.c:995:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, e->score);
data/neomutt-20201120+dfsg.1/hdrline.c:1120:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt,
data/neomutt-20201120+dfsg.1/hdrline.c:1187:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, count);
data/neomutt-20201120+dfsg.1/help.c:204:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, fmt, "");
data/neomutt-20201120+dfsg.1/init.c:271:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(buf, F_OK) == 0)
data/neomutt-20201120+dfsg.1/init.c:353:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char *) C_Hostname, "%s.%s", NONULL(ShortHostname), DOMAIN);
data/neomutt-20201120+dfsg.1/init.c:363:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf((char *) C_Hostname, "%s.%s", NONULL(ShortHostname), mutt_b2s(domain));
data/neomutt-20201120+dfsg.1/init.c:862:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(np->data, F_OK))
data/neomutt-20201120+dfsg.1/init.c:885:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(&buf), F_OK) == 0)
data/neomutt-20201120+dfsg.1/init.c:889:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(&buf), F_OK) == 0)
data/neomutt-20201120+dfsg.1/init.c:893:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(&buf), F_OK) == 0)
data/neomutt-20201120+dfsg.1/init.c:899:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(&buf), F_OK) == 0)
data/neomutt-20201120+dfsg.1/keymap.c:435:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(err->data, err->dsize, err_msg, old_binding, new_binding,
data/neomutt-20201120+dfsg.1/maildir/mh.c:81:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path, sizeof(path), "%s/.neomutt-%s-%d-%" PRIu64, mailbox_path(m),
data/neomutt-20201120+dfsg.1/maildir/mh.c:1212:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tmp, F_OK) == 0)
data/neomutt-20201120+dfsg.1/maildir/mh.c:1216:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tmp, F_OK) == 0)
data/neomutt-20201120+dfsg.1/maildir/mh.c:1220:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tmp, F_OK) == 0)
data/neomutt-20201120+dfsg.1/maildir/mh.c:1224:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tmp, F_OK) == 0)
data/neomutt-20201120+dfsg.1/maildir/mh.c:1228:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tmp, F_OK) == 0)
data/neomutt-20201120+dfsg.1/maildir/mh.c:1235:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(tmp, F_OK) == 0)
data/neomutt-20201120+dfsg.1/mbox/mbox.c:377:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
m->readonly = access(mailbox_path(m), W_OK) ? true : false;
data/neomutt-20201120+dfsg.1/mutt/buffer.c:135:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int len = vsnprintf(buf->dptr, blen, fmt, ap);
data/neomutt-20201120+dfsg.1/mutt/buffer.c:142:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(buf->dptr, len, fmt, ap_retry);
data/neomutt-20201120+dfsg.1/mutt/file.c:1351:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(oldfile, F_OK) != 0)
data/neomutt-20201120+dfsg.1/mutt/file.c:1353:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(newfile, F_OK) == 0)
data/neomutt-20201120+dfsg.1/mutt/filter.c:149:5: [4] (shell) execle:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execle(EXEC_SHELL, "sh", "-c", cmd, NULL, mutt_envlist_getlist());
data/neomutt-20201120+dfsg.1/mutt/logging.c:264:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret += vfprintf(LogFileFP, fmt, ap);
data/neomutt-20201120+dfsg.1/mutt/logging.c:409:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int ret = vsnprintf(buf, sizeof(buf), fmt, ap);
data/neomutt-20201120+dfsg.1/mutt/logging.c:452:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int ret = vsnprintf(buf, sizeof(buf), fmt, ap);
data/neomutt-20201120+dfsg.1/mutt/path.c:361:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(d, l, fmt, dir, fname);
data/neomutt-20201120+dfsg.1/mutt/string.c:1107:19: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
const int n = vsnprintf(*strp, rlen, fmt, ap);
data/neomutt-20201120+dfsg.1/mutt_logging.c:138:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int ret = vsnprintf(buf, sizeof(buf), fmt, ap);
data/neomutt-20201120+dfsg.1/muttlib.c:626:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(fname), F_OK) != 0)
data/neomutt-20201120+dfsg.1/muttlib.c:672:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((*opt == MUTT_SAVE_NO_FLAGS) && (access(mutt_b2s(fname), F_OK) == 0))
data/neomutt-20201120+dfsg.1/muttlib.c:1512:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(buf), F_OK) == 0)
data/neomutt-20201120+dfsg.1/muttlib.c:1521:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(mutt_b2s(buf), F_OK) == 0)
data/neomutt-20201120+dfsg.1/muttlib.c:1674:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, C_SizeUnitsOnLeft ? "K%3.1f" : "%3.1fK",
data/neomutt-20201120+dfsg.1/muttlib.c:1680:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, C_SizeUnitsOnLeft ? ("K%zu") : ("%zuK"), (num + 51) / 1024);
data/neomutt-20201120+dfsg.1/muttlib.c:1684:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, C_SizeUnitsOnLeft ? "M%3.1f" : "%3.1fM", num / 1048576.0);
data/neomutt-20201120+dfsg.1/muttlib.c:1689:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, C_SizeUnitsOnLeft ? ("M%zu") : ("%zuM"), (num + 52428) / 1048576);
data/neomutt-20201120+dfsg.1/mx.c:190:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access(path, flags);
data/neomutt-20201120+dfsg.1/mx.c:974:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf),
data/neomutt-20201120+dfsg.1/ncrypt/crypt.c:1006:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(*keylist + keylist_size, " %s", self_encrypt);
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1609:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, prefix);
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:3894:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keylist + keylist_used, "%s0x%s%s", keylist_used ? " " : "",
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:660:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, ngettext("%s, %lu bit %s\n", "%s, %lu bit %s\n", aval), s2, aval, s);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:801:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, ngettext("%s, %lu bit %s\n", "%s, %lu bit %s\n", aval), "PGP", aval, s);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:992:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, s);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1000:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, crypt_key_abilities(kflags));
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1010:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, crypt_flags(kflags));
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1022:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, crypt_keyid(key));
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1035:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, val);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1043:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, entry->num);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1049:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, gpgme_get_protocol_name(key->kobj->protocol));
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1083:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, *s);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1091:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, key->uid);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1146:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, buf2);
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:316:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, key->algorithm);
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:323:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, pgp_key_abilities(kflags));
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:332:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, pgp_flags(kflags));
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:341:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, pgp_this_keyid(key));
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:348:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, key->keylen);
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:355:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, entry->num);
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:362:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, trust_flags[uid->trust & 0x03]);
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:374:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(uid->addr));
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:424:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, buf2);
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1511:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keylist + keylist_used, "%s0x%s", keylist_used ? " " : "", keyid);
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1881:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(promptbuf, sizeof(promptbuf),
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1909:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(promptbuf, sizeof(promptbuf),
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1935:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(promptbuf, sizeof(promptbuf),
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:93:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->signas));
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:104:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->fname));
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:115:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, cctx->need_passphrase ? "PGPPASSFD=0" : "");
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:126:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->ids));
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:137:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->sig_fname));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:238:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, mutt_b2s(buf2));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:254:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->certificates));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:266:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->intermediates));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:278:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->sig_fname));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:290:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->key));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:302:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->cryptalg));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:314:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->fname));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:326:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(cctx->digestalg));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:828:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(keylist + keylist_used, "%s%s", keylist_used ? " " : "", keyid);
data/neomutt-20201120+dfsg.1/nntp/browse.c:64:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->num + 1);
data/neomutt-20201120+dfsg.1/nntp/browse.c:76:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, desc);
data/neomutt-20201120+dfsg.1/nntp/browse.c:82:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, "");
data/neomutt-20201120+dfsg.1/nntp/browse.c:89:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, fn);
data/neomutt-20201120+dfsg.1/nntp/browse.c:95:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, 'D');
data/neomutt-20201120+dfsg.1/nntp/browse.c:97:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->nd->allowed ? ' ' : '-');
data/neomutt-20201120+dfsg.1/nntp/browse.c:103:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, ' ');
data/neomutt-20201120+dfsg.1/nntp/browse.c:105:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->has_new_mail ? 'N' : 'u');
data/neomutt-20201120+dfsg.1/nntp/browse.c:113:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->nd->last_message - folder->ff->nd->last_cached);
data/neomutt-20201120+dfsg.1/nntp/browse.c:118:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->nd->unread);
data/neomutt-20201120+dfsg.1/nntp/browse.c:139:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, folder->ff->nd->unread);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:268:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if ((sscanf(b, ANUM, &mdata->newsrc_ent[j].first) == 1) &&
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:269:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
(sscanf(h, ANUM, &mdata->newsrc_ent[j].last) == 1))
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:744:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(hdata, ANUM " " ANUM, &first, &last) == 2)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:783:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (!mdata || (sscanf(id, ANUM "%c", &anum, &c) != 1) ||
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:935:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, fn);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:940:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, cac->port);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:947:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, cac->port);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:954:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, fn);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:965:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, fn);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:970:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, cac->user);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:1155:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(hdata, ANUM " " ANUM, &first, &last) == 2)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1037:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(colon, ANUM, &anum) != 1)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1078:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, ANUM, &anum) != 1)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1113:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, ANUM, &anum) != 1)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1491:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(buf, "211 " ANUM " " ANUM " " ANUM, &count, &first, &last) != 3)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1781:17: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (!line || (sscanf(line, ANUM, &anum) != 1))
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2271:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(buf + 4, ANUM, &nntp_edata_get(e)->article_num);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2488:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(buf, "211 " ANUM " " ANUM " " ANUM, &count, &first, &last) != 3)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2596:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), ANUM, nntp_edata_get(e)->article_num);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2681:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(article, sizeof(article), ANUM, nntp_edata_get(e)->article_num);
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:970:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0)
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1540:41: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!db || !new_file || !old_file || (access(new_file, F_OK) != 0))
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:2084:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!path || !mdata || (access(path, F_OK) != 0))
data/neomutt-20201120+dfsg.1/pager.c:2163:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(pager_progress_str, sizeof(pager_progress_str), OFF_T_FMT "%%",
data/neomutt-20201120+dfsg.1/pattern/dlgpattern.c:98:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, tmp, entry->num);
data/neomutt-20201120+dfsg.1/pgpewrap.c:61:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(opts[0], opts);
data/neomutt-20201120+dfsg.1/pop/pop.c:581:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, C_PopHost);
data/neomutt-20201120+dfsg.1/pop/pop.c:651:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(msgbuf, sizeof(msgbuf),
data/neomutt-20201120+dfsg.1/postpone.c:154:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access(mutt_b2s(buf), F_OK) == 0) && (stat(mutt_b2s(buf), &st) == -1))
data/neomutt-20201120+dfsg.1/postpone.c:171:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(C_Postponed, R_OK | F_OK) != 0)
data/neomutt-20201120+dfsg.1/progress.c:65:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/neomutt-20201120+dfsg.1/recvattach.c:250:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt,
data/neomutt-20201120+dfsg.1/recvattach.c:365:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, aptr->num + 1);
data/neomutt-20201120+dfsg.1/recvattach.c:423:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, aptr->body->attach_count + aptr->body->attach_qualifies);
data/neomutt-20201120+dfsg.1/recvattach.c:1173:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(prompt, sizeof(prompt),
data/neomutt-20201120+dfsg.1/recvcmd.c:242:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(prompt, sizeof(prompt) - 4,
data/neomutt-20201120+dfsg.1/remailer.c:467:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(remailer->addr));
data/neomutt-20201120+dfsg.1/remailer.c:478:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, mix_format_caps(remailer));
data/neomutt-20201120+dfsg.1/remailer.c:486:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, remailer->num);
data/neomutt-20201120+dfsg.1/remailer.c:493:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(remailer->shortname));
data/neomutt-20201120+dfsg.1/send/send.c:940:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(env->subject, "Re: %s", curenv->real_subj);
data/neomutt-20201120+dfsg.1/send/sendlib.c:1166:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(np->data + i + 2, "%s", tmp);
data/neomutt-20201120+dfsg.1/send/sendmail.c:165:7: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(path, (char **) args->entries);
data/neomutt-20201120+dfsg.1/sidebar/window.c:314:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, c ? Context->mailbox->msg_deleted : 0);
data/neomutt-20201120+dfsg.1/sidebar/window.c:324:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_flagged);
data/neomutt-20201120+dfsg.1/sidebar/window.c:334:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, c ? Context->mailbox->vcount : m->msg_count);
data/neomutt-20201120+dfsg.1/sidebar/window.c:344:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_unread);
data/neomutt-20201120+dfsg.1/sidebar/window.c:354:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->has_new ? 'N' : ' ');
data/neomutt-20201120+dfsg.1/sidebar/window.c:364:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_unread - m->msg_new);
data/neomutt-20201120+dfsg.1/sidebar/window.c:374:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_count - m->msg_unread);
data/neomutt-20201120+dfsg.1/sidebar/window.c:384:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_count);
data/neomutt-20201120+dfsg.1/sidebar/window.c:394:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, c ? Context->mailbox->msg_tagged : 0);
data/neomutt-20201120+dfsg.1/sidebar/window.c:404:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m->msg_new);
data/neomutt-20201120+dfsg.1/state.c:159:8: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rc = vfprintf(s->fp_out, fmt, ap);
data/neomutt-20201120+dfsg.1/status.c:122:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:135:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:148:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, tmp);
data/neomutt-20201120+dfsg.1/status.c:174:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, tmp);
data/neomutt-20201120+dfsg.1/status.c:182:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:191:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, NONULL(ShortHostname));
data/neomutt-20201120+dfsg.1/status.c:201:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, tmp);
data/neomutt-20201120+dfsg.1/status.c:213:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, tmp);
data/neomutt-20201120+dfsg.1/status.c:225:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:236:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m ? m->vcount : 0);
data/neomutt-20201120+dfsg.1/status.c:248:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:261:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:274:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, count);
data/neomutt-20201120+dfsg.1/status.c:301:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, cp);
data/neomutt-20201120+dfsg.1/status.c:336:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, read);
data/neomutt-20201120+dfsg.1/status.c:345:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, get_sort_str(tmp, sizeof(tmp), C_Sort));
data/neomutt-20201120+dfsg.1/status.c:350:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, get_sort_str(tmp, sizeof(tmp), C_SortAux));
data/neomutt-20201120+dfsg.1/status.c:359:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, num);
data/neomutt-20201120+dfsg.1/status.c:370:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, m ? m->msg_unread : 0);
data/neomutt-20201120+dfsg.1/status.c:384:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, fmt, ctx_has_limit(Context) ? Context->pattern : "");
data/neomutt-20201120+dfsg.1/system.c:89:5: [4] (shell) execle:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execle(EXEC_SHELL, "sh", "-c", cmd, NULL, mutt_envlist_getlist());
data/neomutt-20201120+dfsg.1/test/acutest.h:524:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static int TEST_ATTRIBUTE_(format (printf, 2, 3))
data/neomutt-20201120+dfsg.1/test/acutest.h:532:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, args);
data/neomutt-20201120+dfsg.1/test/acutest.h:653:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int TEST_ATTRIBUTE_(format (printf, 4, 5))
data/neomutt-20201120+dfsg.1/test/acutest.h:704:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/neomutt-20201120+dfsg.1/test/acutest.h:717:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void TEST_ATTRIBUTE_(format (printf, 1, 2))
data/neomutt-20201120+dfsg.1/test/acutest.h:734:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(test_case_name_, sizeof(test_case_name_) - 1, fmt, args);
data/neomutt-20201120+dfsg.1/test/acutest.h:746:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void TEST_ATTRIBUTE_(format (printf, 1, 2))
data/neomutt-20201120+dfsg.1/test/acutest.h:763:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, TEST_MSG_MAXSIZE, fmt, args);
data/neomutt-20201120+dfsg.1/test/acutest.h:803:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((title[strlen(title)-1] == ':') ? "%s\n" : "%s:\n", title);
data/neomutt-20201120+dfsg.1/test/acutest.h:942:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static void TEST_ATTRIBUTE_(format (printf, 1, 2))
data/neomutt-20201120+dfsg.1/test/acutest.h:955:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/neomutt-20201120+dfsg.1/test/acutest.h:1317:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(auxbuf, "--%s", opt->longname);
data/neomutt-20201120+dfsg.1/test/common.c:41:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, buflen, NONULL(fmt), NONULL(get_test_dir()));
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:111:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "\"%s\",", e->p.str ? e->p.str : "");
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:112:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s,", !e->child ? "(null)" : "(list)");
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:113:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s", SLIST_NEXT(e, entries) ? "(next)" : "(null)");
data/neomutt-20201120+dfsg.1/version.c:391:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, fmt, co[i].name);
data/neomutt-20201120+dfsg.1/version.c:436:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, fmt, mutt_make_version());
data/neomutt-20201120+dfsg.1/browser.c:786:39: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(np->mailbox->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/browser.c:786:67: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(np->mailbox->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/browser.c:853:39: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(np->mailbox->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/browser.c:853:67: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(np->mailbox->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/command_parse.c:939:44: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_error("Unknown Mailbox: %s", m->realpath);
data/neomutt-20201120+dfsg.1/command_parse.c:955:50: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
struct Mailbox *m_old = mx_mbox_find(a, m->realpath);
data/neomutt-20201120+dfsg.1/commands.c:1160:46: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
m_comp = mailbox_find(ctx_save->mailbox->realpath);
data/neomutt-20201120+dfsg.1/compmbox/compress.c:93:28: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
ci->fp_lock = fopen(m->realpath, "a");
data/neomutt-20201120+dfsg.1/compmbox/compress.c:95:28: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
ci->fp_lock = fopen(m->realpath, "r");
data/neomutt-20201120+dfsg.1/compmbox/compress.c:98:20: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_perror(m->realpath);
data/neomutt-20201120+dfsg.1/compmbox/compress.c:153:24: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_replace(&m->realpath, mailbox_path(m));
data/neomutt-20201120+dfsg.1/compmbox/compress.c:182:36: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
ci->size = mutt_file_get_size(m->realpath);
data/neomutt-20201120+dfsg.1/compmbox/compress.c:265:45: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_buffer_quote_filename(quoted, m->realpath, false);
data/neomutt-20201120+dfsg.1/compmbox/compress.c:322:31: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_message(progress, m->realpath);
data/neomutt-20201120+dfsg.1/compmbox/compress.c:524:49: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!ci->cmd_append && (mutt_file_get_size(m->realpath) > 0))
data/neomutt-20201120+dfsg.1/compmbox/compress.c:591:36: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
int size = mutt_file_get_size(m->realpath);
data/neomutt-20201120+dfsg.1/compmbox/compress.c:691:20: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if ((access(m->realpath, F_OK) == 0) && ci->cmd_append)
data/neomutt-20201120+dfsg.1/compmbox/compress.c:718:17: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
remove(m->realpath);
data/neomutt-20201120+dfsg.1/core/mailbox.c:81:12: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
FREE(&m->realpath);
data/neomutt-20201120+dfsg.1/core/mailbox.h:84:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char *realpath; ///< Used for duplicate detection, context comparison, and the sidebar
data/neomutt-20201120+dfsg.1/debug/graphviz.c:599:40: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
dot_path_imap(buf, sizeof(buf), m->realpath);
data/neomutt-20201120+dfsg.1/debug/graphviz.c:606:38: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
dot_path_fs(buf, sizeof(buf), m->realpath);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1371:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "cmsd")) != EOF)
data/neomutt-20201120+dfsg.1/hcache/hcache.c:311:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(folder, p))
data/neomutt-20201120+dfsg.1/imap/imap.c:1757:26: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_account_hook(m->realpath);
data/neomutt-20201120+dfsg.1/imap/imap.c:1778:26: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_replace(&m->realpath, mailbox_path(m));
data/neomutt-20201120+dfsg.1/index.c:703:63: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (Context->mailbox->compress_info && (Context->mailbox->realpath[0] != '\0'))
data/neomutt-20201120+dfsg.1/index.c:704:56: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
new_last_folder = mutt_str_dup(Context->mailbox->realpath);
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1058:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char realpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1067:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
snprintf(realpath, sizeof(realpath), "%s/%s", path, (iter == 0) ? "cur" : "new");
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1067:31: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
snprintf(realpath, sizeof(realpath), "%s/%s", path, (iter == 0) ? "cur" : "new");
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1068:18: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
dp = opendir(realpath);
data/neomutt-20201120+dfsg.1/main.c:444:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
i = getopt(argc, argv, "+A:a:Bb:F:f:c:Dd:l:Ee:g:GH:i:hm:nOpQ:RSs:TvxyzZ");
data/neomutt-20201120+dfsg.1/main.c:1175:47: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_buffer_strcpy(&folder, m_desc->realpath);
data/neomutt-20201120+dfsg.1/monitor.c:337:21: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
info->path = m->realpath;
data/neomutt-20201120+dfsg.1/monitor.c:342:36: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
info->path = Context->mailbox->realpath;
data/neomutt-20201120+dfsg.1/monitor.c:557:42: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (mailbox_find(Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/mutt/file.c:1624:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(mutt_b2s(buf), path))
data/neomutt-20201120+dfsg.1/mutt/path.c:420:10: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
path = realpath(abs_path, path);
data/neomutt-20201120+dfsg.1/mutt/path.c:447:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(buf, s))
data/neomutt-20201120+dfsg.1/mutt/string.c:996:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *val = getenv(name);
data/neomutt-20201120+dfsg.1/muttlib.c:577:12: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
realpath(p, tmp))
data/neomutt-20201120+dfsg.1/mx.c:1489:10: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (m->realpath)
data/neomutt-20201120+dfsg.1/mx.c:1490:27: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_copy(buf, m->realpath, sizeof(buf));
data/neomutt-20201120+dfsg.1/mx.c:1496:24: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_replace(&m->realpath, buf);
data/neomutt-20201120+dfsg.1/mx.c:1501:40: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_buffer_strcpy(&m->pathbuf, m->realpath);
data/neomutt-20201120+dfsg.1/mx.c:1570:31: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!m || !m->mx_ops || !m->realpath)
data/neomutt-20201120+dfsg.1/mx.c:1579:35: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (m->mx_ops->ac_find(np, m->realpath))
data/neomutt-20201120+dfsg.1/mx.c:1613:39: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (mutt_str_equal(np->mailbox->realpath, path))
data/neomutt-20201120+dfsg.1/mx.c:1619:36: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
url_a = url_parse(np->mailbox->realpath);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2420:24: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_account_hook(m->realpath);
data/neomutt-20201120+dfsg.1/pop/pop.c:813:24: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_replace(&m->realpath, mailbox_path(m));
data/neomutt-20201120+dfsg.1/pop/pop.c:833:26: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_account_hook(m->realpath);
data/neomutt-20201120+dfsg.1/postpone.c:114:43: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (m && mutt_str_equal(C_Postponed, m->realpath))
data/neomutt-20201120+dfsg.1/sidebar/sidebar.c:99:25: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(m->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/sidebar/sidebar.c:99:53: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(m->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/sidebar/sidebar.c:117:42: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (mutt_str_equal((*sbep)->mailbox->realpath, m->realpath))
data/neomutt-20201120+dfsg.1/sidebar/sidebar.c:117:55: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (mutt_str_equal((*sbep)->mailbox->realpath, m->realpath))
data/neomutt-20201120+dfsg.1/sidebar/sidebar.c:175:44: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (mutt_str_equal((*sbep)->mailbox->realpath, m->realpath))
data/neomutt-20201120+dfsg.1/sidebar/sidebar.c:175:57: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (mutt_str_equal((*sbep)->mailbox->realpath, m->realpath))
data/neomutt-20201120+dfsg.1/sidebar/window.c:292:45: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(Context->mailbox->realpath, m->realpath);
data/neomutt-20201120+dfsg.1/sidebar/window.c:292:58: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(Context->mailbox->realpath, m->realpath);
data/neomutt-20201120+dfsg.1/sidebar/window.c:504:49: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (Context && mutt_str_equal(sbe->mailbox->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/sidebar/window.c:504:77: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (Context && mutt_str_equal(sbe->mailbox->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/sidebar/window.c:676:59: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (Context && Context->mailbox && (Context->mailbox->realpath[0] != '\0') &&
data/neomutt-20201120+dfsg.1/sidebar/window.c:677:27: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(m->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/sidebar/window.c:677:55: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_equal(m->realpath, Context->mailbox->realpath))
data/neomutt-20201120+dfsg.1/status.c:154:40: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (m && m->compress_info && (m->realpath[0] != '\0'))
data/neomutt-20201120+dfsg.1/status.c:156:31: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
mutt_str_copy(tmp, m->realpath, sizeof(tmp));
data/neomutt-20201120+dfsg.1/address/address.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[1024];
data/neomutt-20201120+dfsg.1/address/address.c:342:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[1024];
data/neomutt-20201120+dfsg.1/address/address.c:464:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[1024], phrase[1024];
data/neomutt-20201120+dfsg.1/address/address.c:688:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/neomutt-20201120+dfsg.1/address/address.c:1206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[256];
data/neomutt-20201120+dfsg.1/address/address.c:1233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/address/idna.c:315:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vstring[256];
data/neomutt-20201120+dfsg.1/alias/alias.c:159:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[256];
data/neomutt-20201120+dfsg.1/alias/alias.c:241:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, s, l);
data/neomutt-20201120+dfsg.1/alias/alias.c:259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/alias/alias.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmp[1024] = { 0 }, prompt[2048];
data/neomutt-20201120+dfsg.1/alias/alias.c:372:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixed[1024];
data/neomutt-20201120+dfsg.1/alias/alias.c:491:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_alias = fopen(buf, "a+");
data/neomutt-20201120+dfsg.1/alias/dlgalias.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128], addr[1024];
data/neomutt-20201120+dfsg.1/alias/dlgalias.c:378:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bestname[8192] = { 0 };
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256] = { 0 };
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:323:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:569:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ", ");
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:654:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = { 0 };
data/neomutt-20201120+dfsg.1/autocrypt/dlgautocrypt.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/neomutt-20201120+dfsg.1/autocrypt/dlgautocrypt.c:299:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/neomutt-20201120+dfsg.1/autocrypt/gpgme.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/bcache/bcache.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[256];
data/neomutt-20201120+dfsg.1/browser.c:364:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[128], fmt[128];
data/neomutt-20201120+dfsg.1/browser.c:401:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[128];
data/neomutt-20201120+dfsg.1/browser.c:434:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char permission[11];
data/neomutt-20201120+dfsg.1/browser.c:457:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char permission[11];
data/neomutt-20201120+dfsg.1/browser.c:1050:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_dir[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/browser.c:1123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/browser.c:1138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/neomutt-20201120+dfsg.1/browser.c:1148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char goto_swapper[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/browser.c:1625:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/neomutt-20201120+dfsg.1/browser.c:1966:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[PATH_MAX];
data/neomutt-20201120+dfsg.1/browser.c:2062:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[256];
data/neomutt-20201120+dfsg.1/browser.c:2146:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[256];
data/neomutt-20201120+dfsg.1/command_parse.c:432:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rcfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/command_parse.c:1510:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/commands.c:220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char columns[16];
data/neomutt-20201120+dfsg.1/commands.c:291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/commands.c:420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[8193];
data/neomutt-20201120+dfsg.1/commands.c:421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[8192];
data/neomutt-20201120+dfsg.1/commands.c:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192] = { 0 };
data/neomutt-20201120+dfsg.1/commands.c:846:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/commands.c:874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/commands.c:921:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/commands.c:1274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/commands.c:1275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obuf[1024];
data/neomutt-20201120+dfsg.1/commands.c:1276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/neomutt-20201120+dfsg.1/commands.c:1277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charset[256];
data/neomutt-20201120+dfsg.1/compmbox/compress.c:93:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ci->fp_lock = fopen(m->realpath, "a");
data/neomutt-20201120+dfsg.1/compmbox/compress.c:95:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ci->fp_lock = fopen(m->realpath, "r");
data/neomutt-20201120+dfsg.1/compmbox/compress.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_cmd[STR_COMMAND];
data/neomutt-20201120+dfsg.1/compose/compose.c:837:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char more[32];
data/neomutt-20201120+dfsg.1/compose/compose.c:1039:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192] = { 0 }; /* needs to be large for alias expansion */
data/neomutt-20201120+dfsg.1/compose/compose.c:1040:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_list[8192] = { 0 };
data/neomutt-20201120+dfsg.1/compose/compose.c:1222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/compose/compose.c:1335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128], tmp[128];
data/neomutt-20201120+dfsg.1/compose/compose.c:1474:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/compose/compose.c:2462:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256] = { 0 };
data/neomutt-20201120+dfsg.1/compress/compress.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256] = { 0 };
data/neomutt-20201120+dfsg.1/compress/lib.h:67:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *(*open)(short level);
data/neomutt-20201120+dfsg.1/config/address.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8192] = { 0 };
data/neomutt-20201120+dfsg.1/config/path.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/config/subset.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scope[256];
data/neomutt-20201120+dfsg.1/config/subset.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scope[256];
data/neomutt-20201120+dfsg.1/config/subset.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scope[256];
data/neomutt-20201120+dfsg.1/config/subset.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scope[256];
data/neomutt-20201120+dfsg.1/conn/connaccount.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/neomutt-20201120+dfsg.1/conn/connaccount.c:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/neomutt-20201120+dfsg.1/conn/connaccount.c:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oauthbearer[1024];
data/neomutt-20201120+dfsg.1/conn/connaccount.h:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[128]; ///< Server to login to
data/neomutt-20201120+dfsg.1/conn/connaccount.h:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char login[128]; ///< Login name
data/neomutt-20201120+dfsg.1/conn/connaccount.h:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[128]; ///< Username
data/neomutt-20201120+dfsg.1/conn/connaccount.h:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pass[256]; ///< Password
data/neomutt-20201120+dfsg.1/conn/connection.h:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[1024]; ///< Buffer for incoming traffic
data/neomutt-20201120+dfsg.1/conn/connection.h:62:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct Connection *conn);
data/neomutt-20201120+dfsg.1/conn/getdomain.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char node[256];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:160:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[64];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:173:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[8];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:469:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fpbuf[128];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestr[30];
data/neomutt-20201120+dfsg.1/conn/gnutls.c:472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/neomutt-20201120+dfsg.1/conn/openssl.c:135:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/conn/openssl.c:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, buf, buflen);
data/neomutt-20201120+dfsg.1/conn/openssl.c:364:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char data[128];
data/neomutt-20201120+dfsg.1/conn/openssl.c:381:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[EVP_MAX_MD_SIZE];
data/neomutt-20201120+dfsg.1/conn/openssl.c:392:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[8];
data/neomutt-20201120+dfsg.1/conn/openssl.c:408:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/neomutt-20201120+dfsg.1/conn/openssl.c:436:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[EVP_MAX_MD_SIZE];
data/neomutt-20201120+dfsg.1/conn/openssl.c:630:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char peermd[EVP_MAX_MD_SIZE];
data/neomutt-20201120+dfsg.1/conn/openssl.c:659:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char peermd[EVP_MAX_MD_SIZE];
data/neomutt-20201120+dfsg.1/conn/openssl.c:883:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/conn/openssl.c:920:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/neomutt-20201120+dfsg.1/conn/openssl.c:985:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/conn/openssl.c:1026:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char last_cert_md[EVP_MAX_MD_SIZE];
data/neomutt-20201120+dfsg.1/conn/raw.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[6];
data/neomutt-20201120+dfsg.1/conn/raw.c:232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin.sin_addr, he->h_addr_list[i], he->h_length);
data/neomutt-20201120+dfsg.1/conn/sasl.c:76:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct Connection *conn);
data/neomutt-20201120+dfsg.1/conn/sasl.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
data/neomutt-20201120+dfsg.1/conn/sasl.c:376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) secret_ptr->data, cac->pass, (size_t) len);
data/neomutt-20201120+dfsg.1/conn/sasl.c:430:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int rc = sasldata->open(conn);
data/neomutt-20201120+dfsg.1/conn/sasl.c:448:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conn->open = sasldata->open;
data/neomutt-20201120+dfsg.1/conn/sasl.c:481:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sasldata->buf + sasldata->bpos, olen);
data/neomutt-20201120+dfsg.1/conn/sasl.c:514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, sasldata->buf, olen);
data/neomutt-20201120+dfsg.1/conn/sasl.c:608:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iplocalport[IP_PORT_BUFLEN], ipremoteport[IP_PORT_BUFLEN];
data/neomutt-20201120+dfsg.1/conn/sasl.c:700:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[128];
data/neomutt-20201120+dfsg.1/conn/sasl.c:701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[128];
data/neomutt-20201120+dfsg.1/conn/sasl.c:714:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, resp, interaction->len);
data/neomutt-20201120+dfsg.1/conn/sasl.c:755:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sasldata->open = conn->open;
data/neomutt-20201120+dfsg.1/conn/sasl_plain.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[768];
data/neomutt-20201120+dfsg.1/conn/socket.c:82:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rc = conn->open(conn);
data/neomutt-20201120+dfsg.1/conn/socket.c:317:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/conn/tunnel.c:89:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd_null = open("/dev/null", O_RDWR);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:111:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
conn->open = zctx->next_conn.open;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:295:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zctx->next_conn.open = conn->open;
data/neomutt-20201120+dfsg.1/copy.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024]; /* should be long enough to get most fields in one pass */
data/neomutt-20201120+dfsg.1/copy.c:423:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chsbuf[128];
data/neomutt-20201120+dfsg.1/copy.c:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/copy.c:490:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/copy.c:620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[128];
data/neomutt-20201120+dfsg.1/copy.c:867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/copy.c:988:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/copy.c:989:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[256];
data/neomutt-20201120+dfsg.1/copy.c:990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c2buf[256];
data/neomutt-20201120+dfsg.1/copy.c:1010:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cbuf, "\n\t");
data/neomutt-20201120+dfsg.1/debug/backtrace.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "[NULL]";
data/neomutt-20201120+dfsg.1/debug/graphviz.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj1[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj2[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[256] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstr[128] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:319:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:343:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:395:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:420:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scope[256];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:677:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:764:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:802:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:828:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:879:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:934:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:940:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[128];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:950:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(name, "w");
data/neomutt-20201120+dfsg.1/debug/graphviz.c:964:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj1[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:965:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj2[16] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1085:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arr[64];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arr[256];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone[32];
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256] = { 0 };
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1417:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(name, "w");
data/neomutt-20201120+dfsg.1/debug/parse_test.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[64];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:864:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1017:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if (atoi(s))
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1074:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "\\r");
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1077:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "\\n");
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1080:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "\\t");
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1083:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "\\f");
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1086:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dest, "\\%03o", c);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1093:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1315:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[BUFSIZE];
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1397:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[optind], "r");
data/neomutt-20201120+dfsg.1/editmsg.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/editmsg.c:184:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(mutt_b2s(fname), "r");
data/neomutt-20201120+dfsg.1/email/envelope.c:181:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&base->member, &(*extra)->member, sizeof(struct Buffer)); \
data/neomutt-20201120+dfsg.1/email/parse.c:494:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/email/parse.c:1121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[linelen + 1];
data/neomutt-20201120+dfsg.1/email/parse.c:1148:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char return_path[1024];
data/neomutt-20201120+dfsg.1/email/parse.c:1461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/email/rfc2047.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, "=?", 2);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, tocode, strlen(tocode));
data/neomutt-20201120+dfsg.1/email/rfc2047.c:74:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, "?B?", 3);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoded[11];
data/neomutt-20201120+dfsg.1/email/rfc2047.c:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, "?=", 2);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, "=?", 2);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:106:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, tocode, strlen(tocode));
data/neomutt-20201120+dfsg.1/email/rfc2047.c:108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, "?Q?", 3);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, "?=", 2);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ENCWORD_LEN_MAX - ENCWORD_LEN_MIN + 1];
data/neomutt-20201120+dfsg.1/email/rfc2047.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, d, dlen);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ENCWORD_LEN_MAX - ENCWORD_LEN_MIN + 1];
data/neomutt-20201120+dfsg.1/email/rfc2047.c:536:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, u, t0 - u);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:582:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + bufpos, line_break, lb_len);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + bufpos, t1, u + ulen - t1);
data/neomutt-20201120+dfsg.1/email/rfc2231.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attribute[256];
data/neomutt-20201120+dfsg.1/email/rfc2231.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charset[256];
data/neomutt-20201120+dfsg.1/email/rfc2231.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charset[256];
data/neomutt-20201120+dfsg.1/email/url.c:369:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/neomutt-20201120+dfsg.1/email/url.c:392:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/neomutt-20201120+dfsg.1/enriched.c:477:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tag[1024 + 1];
data/neomutt-20201120+dfsg.1/enter.c:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(savebuf, state->wbuf + state->curpos, savelen * sizeof(wchar_t));
data/neomutt-20201120+dfsg.1/enter.c:117:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->wbuf + state->curpos, savebuf, savelen * sizeof(wchar_t));
data/neomutt-20201120+dfsg.1/enter.c:690:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf, state->wbuf, templen * sizeof(wchar_t));
data/neomutt-20201120+dfsg.1/gui/color.c:424:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const missing[3] = { "brown", "lightgray", "default" };
data/neomutt-20201120+dfsg.1/gui/color.c:474:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fgc[128], bgc[128];
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char answer[2];
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:609:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/tty", O_RDONLY);
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:1061:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MB_LEN_MAX * 2];
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:1100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[MB_LEN_MAX];
data/neomutt-20201120+dfsg.1/gui/mutt_window.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/handler.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char length[5];
data/neomutt-20201120+dfsg.1/handler.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufo[BUFO_SIZE];
data/neomutt-20201120+dfsg.1/handler.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufi[BUFI_SIZE];
data/neomutt-20201120+dfsg.1/handler.c:310:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/neomutt-20201120+dfsg.1/handler.c:311:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decline[512];
data/neomutt-20201120+dfsg.1/handler.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmps[128];
data/neomutt-20201120+dfsg.1/handler.c:376:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufi[BUFI_SIZE];
data/neomutt-20201120+dfsg.1/handler.c:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/neomutt-20201120+dfsg.1/handler.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/handler.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/handler.c:533:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/handler.c:763:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[1024];
data/neomutt-20201120+dfsg.1/handler.c:790:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pretty_size[10];
data/neomutt-20201120+dfsg.1/handler.c:1391:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s->fp_in = fopen(mutt_b2s(tempfile), "r");
data/neomutt-20201120+dfsg.1/handler.c:1496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/neomutt-20201120+dfsg.1/handler.c:1499:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufi[BUFI_SIZE];
data/neomutt-20201120+dfsg.1/handler.c:1736:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keystroke[128] = { 0 };
data/neomutt-20201120+dfsg.1/hcache/hcache.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&e_dump, e, sizeof(struct Email));
data/neomutt-20201120+dfsg.1/hcache/hcache.c:128:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + *off, &e_dump, sizeof(struct Email));
data/neomutt-20201120+dfsg.1/hcache/hcache.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, d + off, sizeof(struct Email));
data/neomutt-20201120+dfsg.1/hcache/hcache.c:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024];
data/neomutt-20201120+dfsg.1/hcache/hcache.c:199:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rk.key, key, keylen + 1); // Including NUL byte
data/neomutt-20201120+dfsg.1/hcache/hcache.c:281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m[16]; /* binary md5sum */
data/neomutt-20201120+dfsg.1/hcache/hcache.c:333:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charval[16];
data/neomutt-20201120+dfsg.1/hcache/hcache.c:370:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hc->cctx = cops->open(C_HeaderCacheCompressLevel);
data/neomutt-20201120+dfsg.1/hcache/hcache.c:395:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hc->ctx = ops->open(mutt_b2s(hcpath));
data/neomutt-20201120+dfsg.1/hcache/hcache.c:401:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hc->ctx = ops->open(mutt_b2s(hcpath));
data/neomutt-20201120+dfsg.1/hcache/hcache.c:553:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(whole, data, hlen);
data/neomutt-20201120+dfsg.1/hcache/hcache.c:554:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(whole + hlen, cdata, clen);
data/neomutt-20201120+dfsg.1/hcache/serialize.c:68:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + *off, &i, sizeof(int));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + *off, &s, sizeof(uint32_t));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i, d + *off, sizeof(int));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:110:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, d + *off, sizeof(uint32_t));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + *off, p, size);
data/neomutt-20201120+dfsg.1/hcache/serialize.c:187:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*c, d + *off, size);
data/neomutt-20201120+dfsg.1/hcache/serialize.c:229:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + start_off, &counter, sizeof(int));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:283:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + start_off, &counter, sizeof(int));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + start_off, &counter, sizeof(int));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nb, c, sizeof(struct Body));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:438:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + *off, &nb, sizeof(struct Body));
data/neomutt-20201120+dfsg.1/hcache/serialize.c:463:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, d + *off, sizeof(struct Body));
data/neomutt-20201120+dfsg.1/hdrline.c:183:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char padded[8];
data/neomutt-20201120+dfsg.1/hdrline.c:184:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *long_prefixes[DISP_MAX] = {
data/neomutt-20201120+dfsg.1/hdrline.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128], tmp[1024];
data/neomutt-20201120+dfsg.1/hdrline.c:716:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%c%02u%02u", e->zoccident ? '-' : '+', e->zhours, e->zminutes);
data/neomutt-20201120+dfsg.1/hdrline.c:834:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[3];
data/neomutt-20201120+dfsg.1/help.c:112:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MB_LEN_MAX * 2];
data/neomutt-20201120+dfsg.1/help.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[32] = { 0 };
data/neomutt-20201120+dfsg.1/help.c:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/help.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/helpbar/helpbar.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/neomutt-20201120+dfsg.1/helpbar/helpbar.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helpstr[1024] = { 0 };
data/neomutt-20201120+dfsg.1/history/dlghistory.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/neomutt-20201120+dfsg.1/history/history.c:281:40: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fflush(fp_tmp) == 0) && (fp = fopen(NONULL(C_HistoryFile), "w")))
data/neomutt-20201120+dfsg.1/hook.c:804:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/hook.c:840:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/icommands.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_binding[32];
data/neomutt-20201120+dfsg.1/icommands.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_binding[MAX_SEQ];
data/neomutt-20201120+dfsg.1/icommands.c:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/icommands.c:315:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/icommands.c:343:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:50:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipad[MD5_BLOCK_LEN] = { 0 };
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:51:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opad[MD5_BLOCK_LEN] = { 0 };
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:52:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char secret[MD5_BLOCK_LEN + 1];
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:61:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash_passwd[MD5_DIGEST_LEN];
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipad, secret, secret_len);
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:70:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opad, secret, secret_len);
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[2048], obuf[1024];
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hmac_response[MD5_DIGEST_LEN];
data/neomutt-20201120+dfsg.1/imap/auth_gss.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_maj[512];
data/neomutt-20201120+dfsg.1/imap/auth_gss.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_min[512];
data/neomutt-20201120+dfsg.1/imap/auth_login.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char q_user[256], q_pass[256];
data/neomutt-20201120+dfsg.1/imap/auth_login.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/auth_plain.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = { 0 };
data/neomutt-20201120+dfsg.1/imap/browse.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/browse.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char relpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/browse.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailbox[1024];
data/neomutt-20201120+dfsg.1/imap/browse.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 16];
data/neomutt-20201120+dfsg.1/imap/browse.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbox[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/browse.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char munged_mbox[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/browse.c:322:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char relpath[2];
data/neomutt-20201120+dfsg.1/imap/browse.c:384:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/neomutt-20201120+dfsg.1/imap/browse.c:436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/browse.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newname[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/command.c:571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delimbuf[5]; /* worst case: "\\"\0 */
data/neomutt-20201120+dfsg.1/imap/command.c:664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/imap/command.c:665:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quoted_name[256];
data/neomutt-20201120+dfsg.1/imap/imap.c:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char urlstr[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048], mbox[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:484:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldmbox[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:485:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newmbox[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 7];
data/neomutt-20201120+dfsg.1/imap/imap.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbox[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/imap.c:935:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->emails, emails, m->email_max * sizeof(struct Email *));
data/neomutt-20201120+dfsg.1/imap/imap.c:996:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:998:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[11];
data/neomutt-20201120+dfsg.1/imap/imap.c:1160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2048];
data/neomutt-20201120+dfsg.1/imap/imap.c:1265:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/neomutt-20201120+dfsg.1/imap/imap.c:1286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbox[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:1320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/neomutt-20201120+dfsg.1/imap/imap.c:1322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char completion[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:1396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:1623:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->emails, emails, m->msg_count * sizeof(struct Email *));
data/neomutt-20201120+dfsg.1/imap/imap.c:1744:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailbox[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/imap.c:1775:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/imap.c:1806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/imap.c:1905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/imap.c:2118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX + 64];
data/neomutt-20201120+dfsg.1/imap/imap.c:2305:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[11];
data/neomutt-20201120+dfsg.1/imap/imap.c:2387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/imap.c:2388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/imap.c:2430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/imap/message.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[64];
data/neomutt-20201120+dfsg.1/imap/message.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[64];
data/neomutt-20201120+dfsg.1/imap/message.c:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[64];
data/neomutt-20201120+dfsg.1/imap/message.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/neomutt-20201120+dfsg.1/imap/message.c:694:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/message.c:905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/message.c:1436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024 * 2];
data/neomutt-20201120+dfsg.1/imap/message.c:1437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char internaldate[IMAP_DATELEN];
data/neomutt-20201120+dfsg.1/imap/message.c:1438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imap_flags[128];
data/neomutt-20201120+dfsg.1/imap/message.c:1448:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(msg->path, "r");
data/neomutt-20201120+dfsg.1/imap/message.c:1566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/message.c:1567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbox[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/message.c:1568:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mmbox[PATH_MAX];
data/neomutt-20201120+dfsg.1/imap/message.c:1569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[PATH_MAX + 64];
data/neomutt-20201120+dfsg.1/imap/message.c:1741:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[64];
data/neomutt-20201120+dfsg.1/imap/message.c:1843:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/private.h:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[SEQ_LEN + 1]; ///< Command tag, e.g. 'a0001'
data/neomutt-20201120+dfsg.1/imap/search.c:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[256];
data/neomutt-20201120+dfsg.1/imap/utf7.c:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char B64Chars[64] = {
data/neomutt-20201120+dfsg.1/imap/util.c:134:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/neomutt-20201120+dfsg.1/imap/util.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/imap/util.c:303:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbox[1024];
data/neomutt-20201120+dfsg.1/imap/util.c:496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[16];
data/neomutt-20201120+dfsg.1/imap/util.c:498:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "/%u", uid);
data/neomutt-20201120+dfsg.1/imap/util.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[16];
data/neomutt-20201120+dfsg.1/imap/util.c:523:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "/%u", imap_edata_get(e)->uid);
data/neomutt-20201120+dfsg.1/imap/util.c:539:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[16];
data/neomutt-20201120+dfsg.1/imap/util.c:541:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "/%u", uid);
data/neomutt-20201120+dfsg.1/imap/util.c:734:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_mailbox[1024];
data/neomutt-20201120+dfsg.1/imap/util.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char home_mailbox[1024];
data/neomutt-20201120+dfsg.1/imap/util.c:770:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, target_mailbox + hlen + 1, tlen - hlen - 1);
data/neomutt-20201120+dfsg.1/index.c:1115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/index.c:1144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/index.c:1262:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/neomutt-20201120+dfsg.1/index.c:1312:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/neomutt-20201120+dfsg.1/index.c:1746:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/index.c:1775:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/neomutt-20201120+dfsg.1/index.c:1792:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/neomutt-20201120+dfsg.1/index.c:3649:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[128];
data/neomutt-20201120+dfsg.1/index.c:3658:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256], macro[256];
data/neomutt-20201120+dfsg.1/init.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char UserTyped[1024] = { 0 };
data/neomutt-20201120+dfsg.1/init.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Completed[256] = { 0 }; /* completed string (command or variable) */
data/neomutt-20201120+dfsg.1/init.c:268:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/init.c:934:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/neomutt-20201120+dfsg.1/init.c:1504:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[256];
data/neomutt-20201120+dfsg.1/keymap.c:238:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->keys, keys, len * sizeof(keycode_t));
data/neomutt-20201120+dfsg.1/keymap.c:303:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/keymap.c:425:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_binding[MAX_SEQ];
data/neomutt-20201120+dfsg.1/keymap.c:426:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_binding[MAX_SEQ];
data/neomutt-20201120+dfsg.1/keymap.c:832:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[35];
data/neomutt-20201120+dfsg.1/keymap.c:853:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "<F%d>", c - KEY_F0);
data/neomutt-20201120+dfsg.1/keymap.c:1139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/mailcap.c:254:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "r");
data/neomutt-20201120+dfsg.1/maildir/maildir.c:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subdir[4];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[16];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:345:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:346:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char partpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:393:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[16];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:670:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:770:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(mutt_b2s(fname), "r");
data/neomutt-20201120+dfsg.1/maildir/maildir.c:911:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fname, "r");
data/neomutt-20201120+dfsg.1/maildir/maildir.c:936:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1028:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1032:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msg->fp = fopen(path, "r");
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1058:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[16];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1479:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subdir[16];
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1505:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY | O_EXCL | O_CREAT, 0666);
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1618:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:83:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY | O_EXCL | O_CREAT, 0666);
data/neomutt-20201120+dfsg.1/maildir/mh.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/neomutt-20201120+dfsg.1/maildir/mh.c:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char partpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:421:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:577:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(fname, "r");
data/neomutt-20201120+dfsg.1/maildir/mh.c:611:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:694:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:715:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:756:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:775:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:817:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:821:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msg->fp = fopen(path, "r");
data/neomutt-20201120+dfsg.1/maildir/mh.c:884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:910:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:1066:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/mh.c:1209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequences[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_unseen[256];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_replied[256];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_flagged[256];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:138:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_old = fopen(sequences, "r");
data/neomutt-20201120+dfsg.1/maildir/sequence.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sequences[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_unseen[256];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_replied[256];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_flagged[256];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:267:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_old = fopen(sequences, "r");
data/neomutt-20201120+dfsg.1/maildir/sequence.c:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[PATH_MAX];
data/neomutt-20201120+dfsg.1/maildir/sequence.c:386:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(pathname, "r");
data/neomutt-20201120+dfsg.1/maildir/sequence.c:435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/main.c:698:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/main.c:801:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg2[256];
data/neomutt-20201120+dfsg.1/main.c:910:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(mutt_b2s(&expanded_infile), "r");
data/neomutt-20201120+dfsg.1/main.c:945:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(mutt_b2s(&tempfile), "r");
data/neomutt-20201120+dfsg.1/mbox/mbox.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char return_path[1024];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:358:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], return_path[256];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:737:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ + 9] = { 0 }; /* 7 for "\n\nFrom " */
data/neomutt-20201120+dfsg.1/mbox/mbox.c:819:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, "rb");
data/neomutt-20201120+dfsg.1/mbox/mbox.c:897:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mailbox_path(m), "r+");
data/neomutt-20201120+dfsg.1/mbox/mbox.c:912:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mailbox_path(m), "r");
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1074:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1210:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(mutt_b2s(tempfile), O_WRONLY | O_EXCL | O_CREAT, 0600);
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1343:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(mutt_b2s(tempfile), "r");
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1634:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, "r");
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1652:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/neomutt-20201120+dfsg.1/menu.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *SearchBuffers[MENU_MAX];
data/neomutt-20201120+dfsg.1/menu.c:366:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/menu.c:382:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/menu.c:433:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/menu.c:493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/menu.c:600:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/menu.c:923:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/menu.c:1124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/monitor.c:400:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EVENT_BUFLEN] __attribute__((aligned(__alignof__(struct inotify_event))));
data/neomutt-20201120+dfsg.1/mutt/base64.c:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char B64Chars[64] = {
data/neomutt-20201120+dfsg.1/mutt/buffer.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->dptr, s, len);
data/neomutt-20201120+dfsg.1/mutt/charset.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[1024], scratch[1024];
data/neomutt-20201120+dfsg.1/mutt/charset.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/mutt/charset.c:442:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fcharset[128];
data/neomutt-20201120+dfsg.1/mutt/charset.c:452:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
return strcpy(fcharset, "us-ascii");
data/neomutt-20201120+dfsg.1/mutt/charset.c:464:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/charset.c:567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tocode1[128];
data/neomutt-20201120+dfsg.1/mutt/charset.c:568:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromcode1[128];
data/neomutt-20201120+dfsg.1/mutt/charset.c:675:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ob, outrepl, n);
data/neomutt-20201120+dfsg.1/mutt/charset.c:941:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->bufi, fc->ib, fc->ibl);
data/neomutt-20201120+dfsg.1/mutt/charset.c:1005:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/mutt/charset.c:1055:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, p, n);
data/neomutt-20201120+dfsg.1/mutt/charset.c:1096:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char canonical_buf[1024];
data/neomutt-20201120+dfsg.1/mutt/charset.h:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufi[512];
data/neomutt-20201120+dfsg.1/mutt/charset.h:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufo[512];
data/neomutt-20201120+dfsg.1/mutt/date.c:300:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DaysPerMonth[mutt_array_size(Months)] = {
data/neomutt-20201120+dfsg.1/mutt/date.h:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzname[8]; ///< Name, e.g. UTC
data/neomutt-20201120+dfsg.1/mutt/envlist.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[1024];
data/neomutt-20201120+dfsg.1/mutt/file.c:207:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open(s, O_RDWR | O_NOFOLLOW);
data/neomutt-20201120+dfsg.1/mutt/file.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/file.c:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/neomutt-20201120+dfsg.1/mutt/file.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/mutt/file.c:543:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(mutt_b2s(&safe_file), flags, 0600);
data/neomutt-20201120+dfsg.1/mutt/file.c:559:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, flags & ~O_EXCL, 0600);
data/neomutt-20201120+dfsg.1/mutt/file.c:610:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(path, mode);
data/neomutt-20201120+dfsg.1/mutt/file.c:884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_path[PATH_MAX];
data/neomutt-20201120+dfsg.1/mutt/file.c:932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/neomutt-20201120+dfsg.1/mutt/file.c:938:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = mkstemp(name);
data/neomutt-20201120+dfsg.1/mutt/file.c:1318:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(path, O_RDWR);
data/neomutt-20201120+dfsg.1/mutt/file.c:1356:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_old = fopen(oldfile, "r");
data/neomutt-20201120+dfsg.1/mutt/file.c:1623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/mutt/logging.c:79:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[23] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/logging.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/mutt/logging.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/logging.c:447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/mutt/mbyte.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3 * MB_LEN_MAX];
data/neomutt-20201120+dfsg.1/mutt/mbyte.c:277:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, buf, p - buf);
data/neomutt-20201120+dfsg.1/mutt/mbyte.c:282:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, buf, dlen);
data/neomutt-20201120+dfsg.1/mutt/mbyte.c:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[MB_LEN_MAX + 1];
data/neomutt-20201120+dfsg.1/mutt/md5.c:46:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
data/neomutt-20201120+dfsg.1/mutt/md5.c:229:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, &v, sizeof(v));
data/neomutt-20201120+dfsg.1/mutt/md5.c:304:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((char *) md5ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
data/neomutt-20201120+dfsg.1/mutt/md5.c:385:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((char *) md5ctx->buffer)[left_over], buf, add);
data/neomutt-20201120+dfsg.1/mutt/md5.c:394:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(md5ctx->buffer, &((char *) md5ctx->buffer)[(left_over + add) & ~63],
data/neomutt-20201120+dfsg.1/mutt/md5.c:418:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
mutt_md5_process_block(memcpy(md5ctx->buffer, buf, 64), 64, md5ctx);
data/neomutt-20201120+dfsg.1/mutt/md5.c:437:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((char *) md5ctx->buffer)[left_over], buf, buflen);
data/neomutt-20201120+dfsg.1/mutt/md5.c:462:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(resbuf, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
data/neomutt-20201120+dfsg.1/mutt/path.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/path.c:245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[128];
data/neomutt-20201120+dfsg.1/mutt/path.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/path.c:381:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/mutt/path.c:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abs_path[PATH_MAX];
data/neomutt-20201120+dfsg.1/mutt/path.c:445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PATH_MAX];
data/neomutt-20201120+dfsg.1/mutt/path.c:527:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dest[STR_COMMAND];
data/neomutt-20201120+dfsg.1/mutt/random.c:80:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_random = fopen("/dev/urandom", "rb");
data/neomutt-20201120+dfsg.1/mutt/regex.c:355:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char twinbuf[2][1024];
data/neomutt-20201120+dfsg.1/mutt/string.c:478:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, item, sz + 1);
data/neomutt-20201120+dfsg.1/mutt/string.c:535:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, len);
data/neomutt-20201120+dfsg.1/mutt/string.c:554:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, begin, len);
data/neomutt-20201120+dfsg.1/mutt_attach.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/mutt_attach.c:81:61: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mailcap_expand_filename(entry->nametemplate, a->filename, tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:87:31: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_pool_release(&tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:92:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp_in = fopen(a->filename, "r")) &&
data/neomutt-20201120+dfsg.1/mutt_attach.c:93:42: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
(fp_out = mutt_file_fopen(mutt_b2s(tmpfile), "w")))
data/neomutt-20201120+dfsg.1/mutt_attach.c:96:45: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_str_replace(&a->filename, mutt_b2s(tmpfile));
data/neomutt-20201120+dfsg.1/mutt_attach.c:103:34: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_perror(fp_in ? mutt_b2s(tmpfile) : a->filename);
data/neomutt-20201120+dfsg.1/mutt_attach.c:108:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_pool_release(&tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/mutt_attach.c:201:32: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_mktemp(tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:202:53: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *fp_tmp = mutt_file_fopen(mutt_b2s(tmpfile), "w");
data/neomutt-20201120+dfsg.1/mutt_attach.c:213:43: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (mutt_file_rename(mutt_b2s(tmpfile), a->filename) != 0)
data/neomutt-20201120+dfsg.1/mutt_attach.c:239:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_pool_release(&tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/mutt_attach.c:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/mutt_attach.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[256];
data/neomutt-20201120+dfsg.1/mutt_attach.c:445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char columns[16];
data/neomutt-20201120+dfsg.1/mutt_attach.c:480:57: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mailcap_expand_filename(entry->nametemplate, fname, tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:483:46: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (mutt_save_attachment(fp, a, mutt_b2s(tmpfile), 0, NULL) == -1)
data/neomutt-20201120+dfsg.1/mutt_attach.c:487:55: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_rfc3676_space_unstuff_attachment(a, mutt_b2s(tmpfile));
data/neomutt-20201120+dfsg.1/mutt_attach.c:489:51: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
use_pipe = mailcap_expand_command(a, mutt_b2s(tmpfile), type, cmd);
data/neomutt-20201120+dfsg.1/mutt_attach.c:523:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (use_pipe && ((fd_temp = open(mutt_b2s(tmpfile), 0)) == -1))
data/neomutt-20201120+dfsg.1/mutt_attach.c:523:49: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (use_pipe && ((fd_temp = open(mutt_b2s(tmpfile), 0)) == -1))
data/neomutt-20201120+dfsg.1/mutt_attach.c:672:37: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (fp && !mutt_buffer_is_empty(tmpfile))
data/neomutt-20201120+dfsg.1/mutt_attach.c:675:41: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_add_temp_attachment(mutt_b2s(tmpfile));
data/neomutt-20201120+dfsg.1/mutt_attach.c:679:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
unlink(mutt_b2s(tmpfile));
data/neomutt-20201120+dfsg.1/mutt_attach.c:688:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_pool_release(&tmpfile);
data/neomutt-20201120+dfsg.1/mutt_attach.c:802:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(infile, "r");
data/neomutt-20201120+dfsg.1/mutt_attach.c:852:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(path, "a");
data/neomutt-20201120+dfsg.1/mutt_attach.c:854:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(path, "w");
data/neomutt-20201120+dfsg.1/mutt_attach.c:884:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/mutt_attach.c:957:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_old = fopen(m->filename, "r");
data/neomutt-20201120+dfsg.1/mutt_attach.c:1012:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s.fp_out = fopen(path, "a");
data/neomutt-20201120+dfsg.1/mutt_attach.c:1014:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s.fp_out = fopen(path, "w");
data/neomutt-20201120+dfsg.1/mutt_attach.c:1037:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s.fp_in = fopen(m->filename, "r");
data/neomutt-20201120+dfsg.1/mutt_attach.c:1101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/mutt_attach.c:1136:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(mutt_b2s(newfile), "r");
data/neomutt-20201120+dfsg.1/mutt_attach.c:1199:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(mutt_b2s(newfile), "r");
data/neomutt-20201120+dfsg.1/mutt_body.c:77:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, src, sizeof(struct Body));
data/neomutt-20201120+dfsg.1/mutt_globals.h:45:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
WHERE char ErrorBuf[256]; ///< Copy of the last error message
data/neomutt-20201120+dfsg.1/mutt_globals.h:46:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
WHERE char AttachmentMarker[256]; ///< Unique ANSI string to mark PGP messages in an email
data/neomutt-20201120+dfsg.1/mutt_globals.h:47:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
WHERE char ProtectedHeaderMarker[256]; ///< Unique ANSI string to mark protected headers in an email
data/neomutt-20201120+dfsg.1/mutt_header.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/mutt_header.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/mutt_header.c:192:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_in = fopen(body, "r");
data/neomutt-20201120+dfsg.1/mutt_header.c:232:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(mutt_b2s(path), "r");
data/neomutt-20201120+dfsg.1/mutt_logging.c:133:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/mutt_logging.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ver[64];
data/neomutt-20201120+dfsg.1/mutt_lua.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/mutt_lua.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/mutt_lua.c:489:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailboxlist[512];
data/neomutt-20201120+dfsg.1/mutt_socket.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&conn->account, cac, sizeof(struct ConnAccount));
data/neomutt-20201120+dfsg.1/mutt_socket.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hook[1024];
data/neomutt-20201120+dfsg.1/muttlib.c:391:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest[idx], pw->pw_name, MIN(destlen - idx - 1, pwnl));
data/neomutt-20201120+dfsg.1/muttlib.c:530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[PATH_MAX];
data/neomutt-20201120+dfsg.1/muttlib.c:775:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[128], tmp[1024];
data/neomutt-20201120+dfsg.1/muttlib.c:778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char if_str[128], else_str[128];
data/neomutt-20201120+dfsg.1/muttlib.c:783:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src2[256];
data/neomutt-20201120+dfsg.1/muttlib.c:812:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srccopy[1024];
data/neomutt-20201120+dfsg.1/muttlib.c:1133:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wptr, src, pl);
data/neomutt-20201120+dfsg.1/muttlib.c:1163:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wptr, tmp, len);
data/neomutt-20201120+dfsg.1/muttlib.c:1187:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wptr, src, pl);
data/neomutt-20201120+dfsg.1/muttlib.c:1230:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wptr, tmp, len);
data/neomutt-20201120+dfsg.1/muttlib.c:1278:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wptr, src, bytes);
data/neomutt-20201120+dfsg.1/muttlib.c:1335:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "r");
data/neomutt-20201120+dfsg.1/muttlib.c:1462:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vstring[256];
data/neomutt-20201120+dfsg.1/mx.c:948:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], tmp[256];
data/neomutt-20201120+dfsg.1/mx.c:972:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/mx.c:1119:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/mx.c:1487:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/mx.c:1659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/ncrypt/crypt.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[256], tmp[256];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:685:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:822:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:924:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[256];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1823:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1924:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1975:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2119:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[256];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2562:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2579:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_tmp = fopen(mutt_b2s(tempfile), "r");
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2760:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2821:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2830:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body_charset[256]; /* Only used for clearsigned messages. */
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:2910:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[200];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:3731:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[128];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:3805:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:4031:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:4244:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_signas[128];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tstr, buf, len);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:398:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, str, n); /* fixme: trim trailing spaces */
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:583:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortbuf[128];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:882:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:899:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[3];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:969:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1097:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[128];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:1331:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:230:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[3];
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:380:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[128];
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmpbuf[256];
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:563:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_null = fopen("/dev/null", "w");
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:599:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/neomutt-20201120+dfsg.1/ncrypt/dlgpgp.c:630:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/neomutt-20201120+dfsg.1/ncrypt/dlgsmime.c:64:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[3];
data/neomutt-20201120+dfsg.1/ncrypt/dlgsmime.c:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/dlgsmime.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[256];
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:111:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uid, buf, ob - buf);
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:115:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uid, buf, n);
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[11];
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k, &tmp, sizeof(*k));
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:420:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_null = open("/dev/null", O_RDWR);
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PgpPass[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:471:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body_charset[256];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:769:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:787:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_tmp = fopen(mutt_b2s(tempfile), "r");
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1538:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1671:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body_charset[256];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1676:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1686:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_body = fopen(a->filename, "r");
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1845:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char promptbuf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1967:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_signas[128];
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[STR_COMMAND];
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:394:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[STR_COMMAND];
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[STR_COMMAND];
data/neomutt-20201120+dfsg.1/ncrypt/pgpinvoke.c:443:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_null = open("/dev/null", O_RDWR);
data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[128];
data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.c:271:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_null = fopen("/dev/null", "w");
data/neomutt-20201120+dfsg.1/ncrypt/pgpmicalg.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/neomutt-20201120+dfsg.1/ncrypt/pgpmicalg.c:196:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp_in = fopen(fname, "r");
data/neomutt-20201120+dfsg.1/ncrypt/pgppacket.c:152:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SmimePass[256];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:396:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[STR_COMMAND];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:506:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[128];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:740:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:813:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char email[256];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], certfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1479:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1717:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s->fp_in = fopen(mutt_b2s(signedfile), "r");
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1919:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/nntp/browse.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[128], fmt[128];
data/neomutt-20201120+dfsg.1/nntp/complete.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filepart[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:392:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:392:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:397:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:397:30: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf(tmpfile, sizeof(tmpfile), "%s.tmp", filename);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:398:26: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fp = mutt_file_fopen(tmpfile, "w");
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:401:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_perror(tmpfile);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:407:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_perror(tmpfile);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:412:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_perror(tmpfile);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:417:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (rename(tmpfile, filename) < 0)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:428:8: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (*tmpfile)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:429:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
unlink(tmpfile);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:577:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[1024] = { 0 };
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[8192] = { 0 };
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:616:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:617:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[4096];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:676:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:710:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:734:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:841:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:922:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[128], fmt[128];
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:1010:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authinfo[1024] = { 0 };
data/neomutt-20201120+dfsg.1/nntp/nntp.c:349:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:508:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:514:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, buf, len);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:531:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authenticators[1024] = "USER";
data/neomutt-20201120+dfsg.1/nntp/nntp.c:641:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/nntp/nntp.c:793:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/nntp/nntp.c:875:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:983:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1259:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1485:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1581:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1744:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1974:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2055:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2056:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2398:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[1024];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2594:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2662:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char article[16];
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2690:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/db.c:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[PATH_MAX + 1024 + 32];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:546:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_file[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char folder[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1582:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newpath[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1782:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *variants[6] = { "&type=threads", "&type=messages",
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[PATH_MAX + 1024 + 32]; /* path to DB + query + URL "decoration" */
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1960:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:2332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_file[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:2408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:2418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_file[PATH_MAX], new_file[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:2528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:2533:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msg->fp = fopen(path, "r");
data/neomutt-20201120+dfsg.1/pager.c:1987:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pager.c:2155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pager_progress_str[65]; /* Lots of space for translations */
data/neomutt-20201120+dfsg.1/pager.c:2191:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bn[256];
data/neomutt-20201120+dfsg.1/pager.c:2241:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char searchbuf[256] = { 0 };
data/neomutt-20201120+dfsg.1/pager.c:2242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pager.c:2272:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rd.fp = fopen(fname, "r");
data/neomutt-20201120+dfsg.1/pager.c:2463:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/neomutt-20201120+dfsg.1/pattern/compile.c:116:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/neomutt-20201120+dfsg.1/pattern/compile.c:388:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(min, base_min, sizeof(struct tm));
data/neomutt-20201120+dfsg.1/pattern/compile.c:546:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&min, &max, sizeof(max));
data/neomutt-20201120+dfsg.1/pattern/dlgpattern.c:96:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/neomutt-20201120+dfsg.1/pattern/exec.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/pattern/pattern.c:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char LastSearch[256] = { 0 }; ///< last pattern searched for
data/neomutt-20201120+dfsg.1/pattern/pattern.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char LastSearchExpn[1024] = { 0 }; ///< expanded version of LastSearch
data/neomutt-20201120+dfsg.1/pattern/pattern.c:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/pattern/pattern.c:639:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/pop/auth.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf[1024];
data/neomutt-20201120+dfsg.1/pop/auth.c:225:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/neomutt-20201120+dfsg.1/pop/auth.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[33];
data/neomutt-20201120+dfsg.1/pop/auth.c:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/auth.c:281:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/auth.c:368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decoded_err[1024];
data/neomutt-20201120+dfsg.1/pop/lib.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/lib.c:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/lib.c:320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/lib.c:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/lib.c:514:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/pop.c:83:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char clean[128];
data/neomutt-20201120+dfsg.1/pop/pop.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/pop.c:355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[1024];
data/neomutt-20201120+dfsg.1/pop/pop.c:569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/pop.c:570:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[128];
data/neomutt-20201120+dfsg.1/pop/pop.c:578:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(url, "pop://");
data/neomutt-20201120+dfsg.1/pop/pop.c:798:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/pop/pop.c:911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/pop.c:1024:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/pop/pop.c:1047:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
msg->fp = fopen(cache->path, "r");
data/neomutt-20201120+dfsg.1/pop/private.h:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[POP_CMD_RESPONSE];
data/neomutt-20201120+dfsg.1/postpone.c:501:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smime_cryptalg[1024] = { 0 };
data/neomutt-20201120+dfsg.1/postpone.c:502:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sign_as[1024] = { 0 };
data/neomutt-20201120+dfsg.1/progress.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], buf2[256];
data/neomutt-20201120+dfsg.1/progress.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posstr[128];
data/neomutt-20201120+dfsg.1/progress.h:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/neomutt-20201120+dfsg.1/progress.h:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sizestr[24];
data/neomutt-20201120+dfsg.1/recvattach.c:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/recvattach.c:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/recvattach.c:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charset[128];
data/neomutt-20201120+dfsg.1/recvattach.c:267:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/neomutt-20201120+dfsg.1/recvattach.c:390:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/neomutt-20201120+dfsg.1/recvattach.c:761:53: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rc == 0) && C_AttachSep && (fp_out = fopen(mutt_b2s(tfile), "a")))
data/neomutt-20201120+dfsg.1/recvattach.c:770:53: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((rc == 0) && C_AttachSep && (fp_out = fopen(mutt_b2s(tfile), "a")))
data/neomutt-20201120+dfsg.1/recvattach.c:840:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tfile[PATH_MAX];
data/neomutt-20201120+dfsg.1/recvattach.c:844:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[PATH_MAX + 256];
data/neomutt-20201120+dfsg.1/recvattach.c:944:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(infile, "r");
data/neomutt-20201120+dfsg.1/recvattach.c:1056:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/recvattach.c:1097:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/neomutt-20201120+dfsg.1/recvattach.c:1134:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(mutt_b2s(newfile), "r");
data/neomutt-20201120+dfsg.1/recvattach.c:1164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[128];
data/neomutt-20201120+dfsg.1/recvcmd.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/neomutt-20201120+dfsg.1/recvcmd.c:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/recvcmd.c:411:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix2[128];
data/neomutt-20201120+dfsg.1/recvcmd.c:475:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[256];
data/neomutt-20201120+dfsg.1/recvcmd.c:931:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[128];
data/neomutt-20201120+dfsg.1/remailer.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[8192];
data/neomutt-20201120+dfsg.1/remailer.c:194:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd_null = open("/dev/null", O_RDWR);
data/neomutt-20201120+dfsg.1/remailer.c:402:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char capbuf[10];
data/neomutt-20201120+dfsg.1/remailer.c:457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128];
data/neomutt-20201120+dfsg.1/resize.c:54:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/tty", O_RDONLY);
data/neomutt-20201120+dfsg.1/rfc3676.c:424:22: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_mktemp(tmpfile);
data/neomutt-20201120+dfsg.1/rfc3676.c:425:37: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fp_out = mutt_file_fopen(mutt_b2s(tmpfile), "w+");
data/neomutt-20201120+dfsg.1/rfc3676.c:449:42: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_file_set_mtime(filename, mutt_b2s(tmpfile));
data/neomutt-20201120+dfsg.1/rfc3676.c:451:36: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fp_in = mutt_file_fopen(mutt_b2s(tmpfile), "r");
data/neomutt-20201120+dfsg.1/rfc3676.c:462:32: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_file_set_mtime(mutt_b2s(tmpfile), filename);
data/neomutt-20201120+dfsg.1/rfc3676.c:463:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
unlink(mutt_b2s(tmpfile));
data/neomutt-20201120+dfsg.1/rfc3676.c:468:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
mutt_buffer_pool_release(&tmpfile);
data/neomutt-20201120+dfsg.1/send/body.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/neomutt-20201120+dfsg.1/send/body.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoded[11];
data/neomutt-20201120+dfsg.1/send/body.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[77], savechar;
data/neomutt-20201120+dfsg.1/send/body.c:227:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line + linelen - 1, "=%2.2X", (unsigned char) line[linelen - 1]);
data/neomutt-20201120+dfsg.1/send/body.c:260:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line + linelen, "=%2.2X", (unsigned char) c);
data/neomutt-20201120+dfsg.1/send/body.c:278:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line + linelen - 1, "=%2.2X", (unsigned char) line[linelen - 1]);
data/neomutt-20201120+dfsg.1/send/body.c:286:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "=%2.2X", (unsigned char) savechar);
data/neomutt-20201120+dfsg.1/send/body.c:329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boundary[128];
data/neomutt-20201120+dfsg.1/send/body.c:353:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp_in = fopen(a->filename, "r");
data/neomutt-20201120+dfsg.1/send/body.c:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send_charset[128];
data/neomutt-20201120+dfsg.1/send/header.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192] = { 0 };
data/neomutt-20201120+dfsg.1/send/header.c:155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, l);
data/neomutt-20201120+dfsg.1/send/header.c:577:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/header.c:768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = { 0 };
data/neomutt-20201120+dfsg.1/send/multipart.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rs[MUTT_RANDTAG_LEN + 1];
data/neomutt-20201120+dfsg.1/send/send.c:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/send/send.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/neomutt-20201120+dfsg.1/send/send.c:415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/send.c:441:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/send.c:595:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/send.c:618:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/send/send.c:745:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/neomutt-20201120+dfsg.1/send/send.c:798:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prompt[256];
data/neomutt-20201120+dfsg.1/send/send.c:916:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/send/send.c:1998:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/sendlib.c:230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufi[256], bufu[512], bufo[4 * sizeof(bufi)];
data/neomutt-20201120+dfsg.1/send/sendlib.c:341:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, &infos[*tocode], sizeof(struct Content));
data/neomutt-20201120+dfsg.1/send/sendlib.c:474:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/neomutt-20201120+dfsg.1/send/sendlib.c:496:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "r");
data/neomutt-20201120+dfsg.1/send/sendlib.c:521:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chsbuf[256];
data/neomutt-20201120+dfsg.1/send/sendlib.c:567:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/neomutt-20201120+dfsg.1/send/sendlib.c:568:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subtype[256] = { 0 };
data/neomutt-20201120+dfsg.1/send/sendlib.c:569:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xtype[256] = { 0 };
data/neomutt-20201120+dfsg.1/send/sendlib.c:601:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(buf, "r");
data/neomutt-20201120+dfsg.1/send/sendlib.c:755:38: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if (!a->filename || !(fp_in = fopen(a->filename, "r")))
data/neomutt-20201120+dfsg.1/send/sendlib.c:839:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send_charset[128];
data/neomutt-20201120+dfsg.1/send/sendlib.c:906:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chsbuf[256];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rndid[MUTT_RANDTAG_LEN + 1];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1251:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1378:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resent_from[256];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1462:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fcc_tok[PATH_MAX];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1463:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fcc_expanded[PATH_MAX];
data/neomutt-20201120+dfsg.1/send/sendlib.c:1689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_buf[1024];
data/neomutt-20201120+dfsg.1/send/sendmail.c:139:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open(msg, O_RDONLY, 0) < 0)
data/neomutt-20201120+dfsg.1/send/sendmail.c:149:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open(*tempfile, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600) < 0)
data/neomutt-20201120+dfsg.1/send/sendmail.c:157:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open("/dev/null", O_WRONLY | O_APPEND) < 0) /* stdout */
data/neomutt-20201120+dfsg.1/send/sendmail.c:159:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open("/dev/null", O_RDWR | O_APPEND) < 0) /* stderr */
data/neomutt-20201120+dfsg.1/send/sendmail.c:298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/neomutt-20201120+dfsg.1/send/smtp.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[4];
data/neomutt-20201120+dfsg.1/send/smtp.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/smtp.c:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/smtp.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/smtp.c:242:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(msgfile, "r");
data/neomutt-20201120+dfsg.1/send/smtp.c:419:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/smtp.c:588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/send/smtp.c:634:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b64[1024] = { 0 };
data/neomutt-20201120+dfsg.1/send/smtp.c:635:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = { 0 };
data/neomutt-20201120+dfsg.1/send/smtp.c:887:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/sidebar/private.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char box[256]; ///< Mailbox path (possibly abbreviated)
data/neomutt-20201120+dfsg.1/sidebar/private.h:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char display[256]; ///< Formatted string to display
data/neomutt-20201120+dfsg.1/sidebar/window.c:280:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[256];
data/neomutt-20201120+dfsg.1/sidebar/window.c:301:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indented[256] = { 0 };
data/neomutt-20201120+dfsg.1/sort.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fa[128];
data/neomutt-20201120+dfsg.1/sort.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fa[128];
data/neomutt-20201120+dfsg.1/state.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mb[MB_LEN_MAX] = { 0 };
data/neomutt-20201120+dfsg.1/status.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[128], tmp[128];
data/neomutt-20201120+dfsg.1/store/bdb.c:106:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctx->fd = open(mutt_b2s(&ctx->lockfile), O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
data/neomutt-20201120+dfsg.1/store/bdb.c:120:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = (*ctx->env->open)(ctx->env, NULL, DB_INIT_MPOOL | DB_CREATE | DB_PRIVATE, 0600);
data/neomutt-20201120+dfsg.1/store/bdb.c:135:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = (*ctx->db->open)(ctx->db, NULL, path, NULL, DB_BTREE, createflags, 0600);
data/neomutt-20201120+dfsg.1/store/kc.c:151:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char version_cache[128] = { 0 }; ///< should be more than enough for KCVERSION
data/neomutt-20201120+dfsg.1/store/lib.h:75:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *(*open)(const char *path);
data/neomutt-20201120+dfsg.1/store/store.c:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/acutest.h:389:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char test_case_name_[TEST_CASE_MAXSIZE] = "";
data/neomutt-20201120+dfsg.1/test/acutest.h:528:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/neomutt-20201120+dfsg.1/test/acutest.h:594:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[48];
data/neomutt-20201120+dfsg.1/test/acutest.h:749:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[TEST_MSG_MAXSIZE];
data/neomutt-20201120+dfsg.1/test/acutest.h:1131:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/neomutt-20201120+dfsg.1/test/acutest.h:1142:35: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(tmp, "signal %d", WTERMSIG(exit_code)); signame = tmp; break;
data/neomutt-20201120+dfsg.1/test/acutest.h:1152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512] = {0};
data/neomutt-20201120+dfsg.1/test/acutest.h:1259:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char badoptname[3];
data/neomutt-20201120+dfsg.1/test/acutest.h:1282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auxbuf[TEST_CMDLINE_AUXBUF_SIZE_+1];
data/neomutt-20201120+dfsg.1/test/acutest.h:1507:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_verbose_level_ = (arg != NULL ? atoi(arg) : test_verbose_level_+1);
data/neomutt-20201120+dfsg.1/test/acutest.h:1539:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_worker_index_ = atoi(arg);
data/neomutt-20201120+dfsg.1/test/acutest.h:1542:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test_xml_output_ = fopen(arg, "w");
data/neomutt-20201120+dfsg.1/test/acutest.h:1587:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256+OVERLAP+1];
data/neomutt-20201120+dfsg.1/test/acutest.h:1592:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/proc/self/status", O_RDONLY);
data/neomutt-20201120+dfsg.1/test/acutest.h:1612:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid_t tracer_pid = (pid_t) atoi(field + sizeof(pattern) - 1);
data/neomutt-20201120+dfsg.1/test/acutest.h:1753:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suite_name[_MAX_FNAME];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_cat.c:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_for_display.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per[64] = "bobby bob";
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_for_display.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbx[64] = "bob@bobsdomain";
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_write.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_write.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_write.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per[64] = "bobby bob";
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_write.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbx[64] = "bob@bobsdomain";
data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write.c:53:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8] = { 0 };
data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write.c:60:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24] = { 0 };
data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write.c:67:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[43] = { 0 };
data/neomutt-20201120+dfsg.1/test/address/mutt_addrlist_write.c:74:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[76] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_decode.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_decode.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_decode.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out2[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_encode.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_encode.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_encode.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_encode.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out1[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/base64/mutt_b64_encode.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out2[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_canonical_charset.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_check.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_check.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_choose.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_in[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_choose.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_in[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_choose.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_in[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_choose.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_in[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_fgetconvs.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/compress/common.c:112:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(level);
data/neomutt-20201120+dfsg.1/test/compress/common.c:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, cdata, clen);
data/neomutt-20201120+dfsg.1/test/compress/common.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char case_name[64];
data/neomutt-20201120+dfsg.1/test/compress/lz4.c:59:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(MIN_COMP_LEVEL - 1);
data/neomutt-20201120+dfsg.1/test/compress/lz4.c:63:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cctx = cops->open(MAX_COMP_LEVEL + 1);
data/neomutt-20201120+dfsg.1/test/compress/lz4.c:73:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(MIN_COMP_LEVEL);
data/neomutt-20201120+dfsg.1/test/compress/zlib.c:59:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(MIN_COMP_LEVEL - 1);
data/neomutt-20201120+dfsg.1/test/compress/zlib.c:63:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cctx = cops->open(MAX_COMP_LEVEL + 1);
data/neomutt-20201120+dfsg.1/test/compress/zlib.c:73:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(MIN_COMP_LEVEL);
data/neomutt-20201120+dfsg.1/test/compress/zstd.c:59:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(MIN_COMP_LEVEL - 1);
data/neomutt-20201120+dfsg.1/test/compress/zstd.c:63:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cctx = cops->open(MAX_COMP_LEVEL + 1);
data/neomutt-20201120+dfsg.1/test/compress/zstd.c:73:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *cctx = cops->open(MIN_COMP_LEVEL);
data/neomutt-20201120+dfsg.1/test/config/address.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/bool.c:541:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/common.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/neomutt-20201120+dfsg.1/test/config/common.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *list[26] = { 0 };
data/neomutt-20201120+dfsg.1/test/config/dump.c:268:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/dev/null", "w");
data/neomutt-20201120+dfsg.1/test/config/dump.c:332:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/dev/null", "w");
data/neomutt-20201120+dfsg.1/test/config/enum.c:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/long.c:733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/mbtable.c:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/number.c:768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/path.c:145:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rc = cs_str_initial_set(cs, "Cherry", (const char *) Vars[2].initial, &value);
data/neomutt-20201120+dfsg.1/test/config/path.c:578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/quad.c:528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/regex.c:618:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/slist.c:995:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/sort.c:647:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/config/string.c:642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char child[128];
data/neomutt-20201120+dfsg.1/test/date/mutt_date_localtime_format.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/date/mutt_date_localtime_format.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/test/date/mutt_date_make_imap.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/test/date/mutt_date_make_tls.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/common.c:44:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
FILE *fp = tmpfile();
data/neomutt-20201120+dfsg.1/test/file/mutt_file_check_empty.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_add_stat.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_chmod_rm_stat.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_get_size.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_map_lines.c:72:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/dev/null", "r");
data/neomutt-20201120+dfsg.1/test/file/mutt_file_quote_filename.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_quote_filename.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/neomutt-20201120+dfsg.1/test/file/mutt_file_read_keyword.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_read_line.c:34:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/dev/null", "r");
data/neomutt-20201120+dfsg.1/test/file/mutt_file_resolve_symlink.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_resolve_symlink.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char second[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_stat_compare.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/file/mutt_file_stat_compare.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char second[256] = { 0 };
data/neomutt-20201120+dfsg.1/test/from/is_from.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[128];
data/neomutt-20201120+dfsg.1/test/hash/mutt_hash_new.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/neomutt-20201120+dfsg.1/test/history/mutt_hist_search.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/list/common.c:37:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
np->data = (char *) items[i];
data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_get_initials.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_wcstombs.c:33:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t src[32] = L"apple";
data/neomutt-20201120+dfsg.1/test/mbyte/mutt_mb_wcstombs.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5.c:45:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5.c:46:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[33];
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_bytes.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_bytes.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_bytes.c:49:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_bytes.c:50:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[33];
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_finish_ctx.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_init_ctx.c:42:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_init_ctx.c:43:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest[33];
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_process_bytes.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_toascii.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/parse/mutt_extract_message_id.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/neomutt-20201120+dfsg.1/test/parse/mutt_parse_mailto.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parsed[1024] = { 0 };
data/neomutt-20201120+dfsg.1/test/parse/mutt_parse_mailto.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mailto[1024];
data/neomutt-20201120+dfsg.1/test/parse/mutt_rfc822_read_header.c:40:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/dev/null", "r");
data/neomutt-20201120+dfsg.1/test/path/mutt_path_abbr_folder.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/path/mutt_path_concat.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/path/mutt_path_concat.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/path/mutt_path_pretty.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/path/mutt_path_tidy.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[192];
data/neomutt-20201120+dfsg.1/test/path/mutt_path_tidy_dotdot.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/neomutt-20201120+dfsg.1/test/path/mutt_path_tidy_slash.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:101:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->op);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:102:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->pat_not);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:103:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->all_addr);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:104:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->string_match);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:105:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->group_match);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:106:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->ign_case);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:107:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->is_alias);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:108:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->is_multi);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:109:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->min);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:110:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "%d,", e->max);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:114:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "}\n");
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:287:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:334:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:413:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:492:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:571:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:662:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:769:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_apply.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_apply.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_match.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/regex/mutt_replacelist_match.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/store/bdb.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/bdb.c:50:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/common.c:52:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!TEST_CHECK(sops->open(NULL) == NULL))
data/neomutt-20201120+dfsg.1/test/store/gdbm.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/gdbm.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/kc.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/kc.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/lmdb.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/lmdb.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/qdbm.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/qdbm.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/rocksdb.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/rocksdb.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/tc.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/tc.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/store/tdb.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/neomutt-20201120+dfsg.1/test/store/tdb.c:47:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void *db = sops->open(path);
data/neomutt-20201120+dfsg.1/test/string/mutt_istr_remall.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_cat.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_copy.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_str_copy.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[20] = "\0";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_copy.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[10];
data/neomutt-20201120+dfsg.1/test/string/mutt_str_inline_replace.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "banana";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_inline_replace.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[14];
data/neomutt-20201120+dfsg.1/test/string/mutt_str_lower.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = "";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_lower.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_lower.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = "aPPLe";
data/neomutt-20201120+dfsg.1/test/string/mutt_str_remove_trailing_ws.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_cat.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8] = "apple";
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/string/mutt_strn_copy.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/url/url_parse.c:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64] = { 0 };
data/neomutt-20201120+dfsg.1/test/url/url_parse.c:303:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/neomutt-20201120+dfsg.1/test/url/url_pct_encode.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/url/url_pct_encode.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/test/url/url_tostring.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { 0 };
data/neomutt-20201120+dfsg.1/version.c:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[24];
data/neomutt-20201120+dfsg.1/alias/dlgalias.c:387:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (np->name && mutt_strn_equal(np->name, buf, strlen(buf)))
data/neomutt-20201120+dfsg.1/alias/dlgalias.c:428:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (np->name && !mutt_strn_equal(np->name, buf, strlen(buf)))
data/neomutt-20201120+dfsg.1/alias/dlgquery.c:153:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(tmp);
data/neomutt-20201120+dfsg.1/command_parse.c:316:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(a->minor);
data/neomutt-20201120+dfsg.1/commands.c:1179:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!en->email->read)
data/neomutt-20201120+dfsg.1/commands.c:1223:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e2->read)
data/neomutt-20201120+dfsg.1/commands.c:1290:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(buf);
data/neomutt-20201120+dfsg.1/complete.c:229:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_str_copy(buf + strlen(buf), "/", buflen - strlen(buf));
data/neomutt-20201120+dfsg.1/complete.c:229:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_str_copy(buf + strlen(buf), "/", buflen - strlen(buf));
data/neomutt-20201120+dfsg.1/complete.c:231:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_str_copy(buf + strlen(buf), mutt_b2s(filepart), buflen - strlen(buf));
data/neomutt-20201120+dfsg.1/complete.c:231:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_str_copy(buf + strlen(buf), mutt_b2s(filepart), buflen - strlen(buf));
data/neomutt-20201120+dfsg.1/compose/compose.c:1850:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_mem_calloc(1, strlen(p) + strlen(ALTS_TAG) + 1);
data/neomutt-20201120+dfsg.1/compose/compose.c:1850:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_mem_calloc(1, strlen(p) + strlen(ALTS_TAG) + 1);
data/neomutt-20201120+dfsg.1/compose/compose.c:1947:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_mem_calloc(1, strlen(p) + strlen(LINGUAL_TAG) + 1);
data/neomutt-20201120+dfsg.1/compose/compose.c:1947:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_mem_calloc(1, strlen(p) + strlen(LINGUAL_TAG) + 1);
data/neomutt-20201120+dfsg.1/conn/connection.h:72:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct Connection *conn, char *buf, size_t count);
data/neomutt-20201120+dfsg.1/conn/raw.c:269:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(conn->fd, buf, count);
data/neomutt-20201120+dfsg.1/conn/sasl.c:81:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct Connection *conn, char *buf, size_t count);
data/neomutt-20201120+dfsg.1/conn/sasl.c:224:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (outlen < strlen(hbuf) + strlen(pbuf) + 2)
data/neomutt-20201120+dfsg.1/conn/sasl.c:224:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (outlen < strlen(hbuf) + strlen(pbuf) + 2)
data/neomutt-20201120+dfsg.1/conn/sasl.c:347:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(*result);
data/neomutt-20201120+dfsg.1/conn/sasl.c:373:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cac->pass);
data/neomutt-20201120+dfsg.1/conn/sasl.c:449:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
conn->read = sasldata->read;
data/neomutt-20201120+dfsg.1/conn/sasl.c:498:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = sasldata->read(conn, buf, count);
data/neomutt-20201120+dfsg.1/conn/sasl.c:520:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = sasldata->read(conn, buf, count);
data/neomutt-20201120+dfsg.1/conn/sasl.c:756:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sasldata->read = conn->read;
data/neomutt-20201120+dfsg.1/conn/socket.c:126:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return conn->read(conn, buf, len);
data/neomutt-20201120+dfsg.1/conn/socket.c:214:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
conn->available = conn->read(conn, conn->inbuf, sizeof(conn->inbuf));
data/neomutt-20201120+dfsg.1/conn/tunnel.c:144:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(tunnel->fd_read, buf, count);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:56:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct ZstrmDirection read; ///< Data being read and de-compressed
data/neomutt-20201120+dfsg.1/conn/zstrm.c:104:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.total_in, zctx->read.z.total_out,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:104:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.total_in, zctx->read.z.total_out,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:105:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(float) zctx->read.z.total_out / (float) zctx->read.z.total_in,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:105:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(float) zctx->read.z.total_out / (float) zctx->read.z.total_in,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:113:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
conn->read = zctx->next_conn.read;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:117:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inflateEnd(&zctx->read.z);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:119:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FREE(&zctx->read.buf);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:136:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (zctx->read.stream_eof)
data/neomutt-20201120+dfsg.1/conn/zstrm.c:142:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((zctx->read.pos == 0) && !zctx->read.conn_eof)
data/neomutt-20201120+dfsg.1/conn/zstrm.c:142:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((zctx->read.pos == 0) && !zctx->read.conn_eof)
data/neomutt-20201120+dfsg.1/conn/zstrm.c:144:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = zctx->next_conn.read(&zctx->next_conn, zctx->read.buf, zctx->read.len);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:144:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = zctx->next_conn.read(&zctx->next_conn, zctx->read.buf, zctx->read.len);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:144:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = zctx->next_conn.read(&zctx->next_conn, zctx->read.buf, zctx->read.len);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:149:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.conn_eof = true;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:151:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.pos += rc;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:154:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.avail_in = (uInt) zctx->read.pos;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:154:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.avail_in = (uInt) zctx->read.pos;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:155:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.next_in = (Bytef *) zctx->read.buf;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:155:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.next_in = (Bytef *) zctx->read.buf;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:156:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.avail_out = (uInt) len;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:157:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.next_out = (Bytef *) buf;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:159:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zrc = inflate(&zctx->read.z, Z_SYNC_FLUSH);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:161:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zrc, zctx->read.pos - zctx->read.z.avail_in, zctx->read.pos,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:161:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zrc, zctx->read.pos - zctx->read.z.avail_in, zctx->read.pos,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:161:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zrc, zctx->read.pos - zctx->read.z.avail_in, zctx->read.pos,
data/neomutt-20201120+dfsg.1/conn/zstrm.c:162:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len - zctx->read.z.avail_out, len);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:165:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((Bytef *) zctx->read.buf != zctx->read.z.next_in)
data/neomutt-20201120+dfsg.1/conn/zstrm.c:165:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((Bytef *) zctx->read.buf != zctx->read.z.next_in)
data/neomutt-20201120+dfsg.1/conn/zstrm.c:167:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memmove(zctx->read.buf, zctx->read.z.next_in, zctx->read.z.avail_in);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:167:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memmove(zctx->read.buf, zctx->read.z.next_in, zctx->read.z.avail_in);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:167:57: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memmove(zctx->read.buf, zctx->read.z.next_in, zctx->read.z.avail_in);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:168:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.pos = zctx->read.z.avail_in;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:168:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.pos = zctx->read.z.avail_in;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:174:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zrc = len - zctx->read.z.avail_out; /* "returned" bytes */
data/neomutt-20201120+dfsg.1/conn/zstrm.c:185:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zrc = len - zctx->read.z.avail_out; /* "returned" bytes */
data/neomutt-20201120+dfsg.1/conn/zstrm.c:186:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.stream_eof = true;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:190:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!zctx->read.conn_eof)
data/neomutt-20201120+dfsg.1/conn/zstrm.c:216:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(zctx->read.z.avail_out == 0) || (zctx->read.pos > 0) ?
data/neomutt-20201120+dfsg.1/conn/zstrm.c:216:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(zctx->read.z.avail_out == 0) || (zctx->read.pos > 0) ?
data/neomutt-20201120+dfsg.1/conn/zstrm.c:219:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((zctx->read.z.avail_out == 0) || (zctx->read.pos > 0))
data/neomutt-20201120+dfsg.1/conn/zstrm.c:219:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((zctx->read.z.avail_out == 0) || (zctx->read.pos > 0))
data/neomutt-20201120+dfsg.1/conn/zstrm.c:297:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->next_conn.read = conn->read;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:310:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.len = 8192;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:311:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.buf = mutt_mem_malloc(zctx->read.len);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:311:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.buf = mutt_mem_malloc(zctx->read.len);
data/neomutt-20201120+dfsg.1/conn/zstrm.c:312:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.pos = 0;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:318:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.zalloc = zstrm_malloc;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:319:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.zfree = zstrm_free;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:320:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.opaque = NULL;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:321:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.avail_out = zctx->read.len;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:321:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zctx->read.z.avail_out = zctx->read.len;
data/neomutt-20201120+dfsg.1/conn/zstrm.c:322:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inflateInit2(&zctx->read.z, -15);
data/neomutt-20201120+dfsg.1/context.c:191:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/context.c:260:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!m->emails[j]->read)
data/neomutt-20201120+dfsg.1/copy.c:455:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->old || e->read)
data/neomutt-20201120+dfsg.1/copy.c:458:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read)
data/neomutt-20201120+dfsg.1/copy.c:581:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int ch = getc(fp);
data/neomutt-20201120+dfsg.1/copy.c:798:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = fgetc(fp_in)) != EOF) && bytes--)
data/neomutt-20201120+dfsg.1/copy.c:1017:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cbuf, " ");
data/neomutt-20201120+dfsg.1/copy.c:1026:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(c2buf, ",");
data/neomutt-20201120+dfsg.1/copy.c:1043:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p + plen, "\n");
data/neomutt-20201120+dfsg.1/debug/graphviz.c:232:58: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
static void dot_type_umask(char *buf, size_t buflen, int umask)
data/neomutt-20201120+dfsg.1/debug/graphviz.c:234:34: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
snprintf(buf, buflen, "0%03o", umask);
data/neomutt-20201120+dfsg.1/debug/graphviz.c:431:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(scope);
data/neomutt-20201120+dfsg.1/debug/graphviz.c:949:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(022);
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1315:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ADD_BOOL(read);
data/neomutt-20201120+dfsg.1/debug/graphviz.c:1416:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(022);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:394:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = strlen(str); i < 8; i++)
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1002:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "yes", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1004:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "no", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1006:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "ask-yes", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1008:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "ask-no", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1014:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "yes", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1016:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "no", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1018:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "yes", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1020:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "no", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1026:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "mbox", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1028:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "MMDF", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1030:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "MH", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1032:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(t, "Maildir", l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1043:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t, s + 5, l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1063:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(t, s, l);
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1305:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp + strlen(tmp), buf, sizeof(tmp) - strlen(tmp));
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1305:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp + strlen(tmp), buf, sizeof(tmp) - strlen(tmp));
data/neomutt-20201120+dfsg.1/docs/makedoc.c:1305:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(tmp + strlen(tmp), buf, sizeof(tmp) - strlen(tmp));
data/neomutt-20201120+dfsg.1/editmsg.c:218:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool o_read = e->read;
data/neomutt-20201120+dfsg.1/email/email.h:51:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read : 1; ///< Email is read
data/neomutt-20201120+dfsg.1/email/parse.c:1012:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line)] = ':';
data/neomutt-20201120+dfsg.1/email/parse.c:1069:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(fp);
data/neomutt-20201120+dfsg.1/email/parse.c:1077:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((ch = fgetc(fp)) == ' ') || (ch == '\t'))
data/neomutt-20201120+dfsg.1/email/rfc2047.c:72:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(str, tocode, strlen(tocode));
data/neomutt-20201120+dfsg.1/email/rfc2047.c:73:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(tocode);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:106:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(str, tocode, strlen(tocode));
data/neomutt-20201120+dfsg.1/email/rfc2047.c:107:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(tocode);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:199:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
obl = sizeof(buf) - strlen(tocode);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:212:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dlen > (sizeof(buf) - strlen(tocode)))
data/neomutt-20201120+dfsg.1/email/rfc2047.c:213:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(buf) - strlen(tocode) + 1;
data/neomutt-20201120+dfsg.1/email/rfc2047.c:230:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = ENCWORD_LEN_MIN - 2 + strlen(tocode);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:280:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t obl = sizeof(tmp) - strlen(tocode);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:625:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encode(*pd, strlen(*pd), col, C_Charset, charsets, &e, &elen, specials);
data/neomutt-20201120+dfsg.1/email/rfc2047.c:743:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int col = tag ? strlen(tag) + 2 : 32;
data/neomutt-20201120+dfsg.1/email/rfc2231.c:208:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t vl = strlen(par->value);
data/neomutt-20201120+dfsg.1/enter.c:649:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i = strlen(buf);
data/neomutt-20201120+dfsg.1/enter.c:700:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/neomutt-20201120+dfsg.1/flags.c:142:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read || e->old)
data/neomutt-20201120+dfsg.1/flags.c:148:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read)
data/neomutt-20201120+dfsg.1/flags.c:159:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (!e->read)
data/neomutt-20201120+dfsg.1/flags.c:185:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/flags.c:197:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/flags.c:213:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/flags.c:227:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (e->read)
data/neomutt-20201120+dfsg.1/flags.c:253:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:629:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, &ch, 1) == 0)
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:638:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(fd, buf, sizeof(buf)) > 0)
data/neomutt-20201120+dfsg.1/gui/curs_lib.c:1149:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, scratch, k2);
data/neomutt-20201120+dfsg.1/handler.c:184:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = fgetc(s->fp_in)) != EOF) && len--)
data/neomutt-20201120+dfsg.1/handler.c:188:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int ch = fgetc(s->fp_in);
data/neomutt-20201120+dfsg.1/handler.c:328:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t linelen = strlen(line);
data/neomutt-20201120+dfsg.1/handler.c:1511:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(s->fp_in);
data/neomutt-20201120+dfsg.1/hdrline.c:1089:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (e->read && (msg_in_pager != e->msgno))
data/neomutt-20201120+dfsg.1/hdrline.c:1247:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (e->read && (msg_in_pager != e->msgno))
data/neomutt-20201120+dfsg.1/hdrline.c:1313:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (e->read && (msg_in_pager != e->msgno))
data/neomutt-20201120+dfsg.1/history/history.c:198:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int line, hclass, read;
data/neomutt-20201120+dfsg.1/history/history.c:215:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((sscanf(linebuf, "%d:%n", &hclass, &read) < 1) || (read == 0) ||
data/neomutt-20201120+dfsg.1/history/history.c:216:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*(p = linebuf + strlen(linebuf) - 1) != '|') || (hclass < 0))
data/neomutt-20201120+dfsg.1/history/history.c:225:76: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (C_HistoryRemoveDups && (dup_hash_inc(dup_hashes[hclass], linebuf + read) > 1))
data/neomutt-20201120+dfsg.1/history/history.c:257:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((sscanf(linebuf, "%d:%n", &hclass, &read) < 1) || (read == 0) ||
data/neomutt-20201120+dfsg.1/history/history.c:258:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*(p = linebuf + strlen(linebuf) - 1) != '|') || (hclass < 0))
data/neomutt-20201120+dfsg.1/history/history.c:266:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (C_HistoryRemoveDups && (dup_hash_dec(dup_hashes[hclass], linebuf + read) > 0))
data/neomutt-20201120+dfsg.1/history/history.c:570:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int line = 0, hclass, read;
data/neomutt-20201120+dfsg.1/history/history.c:584:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((sscanf(linebuf, "%d:%n", &hclass, &read) < 1) || (read == 0) ||
data/neomutt-20201120+dfsg.1/history/history.c:585:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*(p = linebuf + strlen(linebuf) - 1) != '|') || (hclass < 0))
data/neomutt-20201120+dfsg.1/history/history.c:594:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
p = mutt_str_dup(linebuf + read);
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:55:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secret_len = strlen(password);
data/neomutt-20201120+dfsg.1/imap/auth_cram.c:159:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_b64_encode(obuf, strlen(obuf), ibuf, sizeof(ibuf) - 2);
data/neomutt-20201120+dfsg.1/imap/auth_gss.c:80:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf_maj, (char *) status_string.value, status_len);
data/neomutt-20201120+dfsg.1/imap/auth_gss.c:91:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf_min, (char *) status_string.value, status_len);
data/neomutt-20201120+dfsg.1/imap/auth_sasl.c:166:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(adata->buf + 2);
data/neomutt-20201120+dfsg.1/imap/browse.c:93:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!isparent && !noinferiors && (strlen(relpath) < sizeof(relpath) - 1))
data/neomutt-20201120+dfsg.1/imap/browse.c:95:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
relpath[strlen(relpath) + 1] = '\0';
data/neomutt-20201120+dfsg.1/imap/browse.c:96:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
relpath[strlen(relpath)] = delim;
data/neomutt-20201120+dfsg.1/imap/command.c:625:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(adata->buf) < litlen)
data/neomutt-20201120+dfsg.1/imap/command.c:694:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url.path[strlen(url.path) - 1] = '\0';
data/neomutt-20201120+dfsg.1/imap/command.c:819:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(adata->buf) < litlen)
data/neomutt-20201120+dfsg.1/imap/imap.c:232:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read != imap_edata_get(e)->read)
data/neomutt-20201120+dfsg.1/imap/imap.c:232:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read != imap_edata_get(e)->read)
data/neomutt-20201120+dfsg.1/imap/imap.c:233:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
match = invert ^ e->read;
data/neomutt-20201120+dfsg.1/imap/imap.c:297:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read != edata->read)
data/neomutt-20201120+dfsg.1/imap/imap.c:297:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read != edata->read)
data/neomutt-20201120+dfsg.1/imap/imap.c:871:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t nplen = strlen(np->data);
data/neomutt-20201120+dfsg.1/imap/imap.c:1014:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
set_flag(m, MUTT_ACL_SEEN, e->read, "\\Seen ", flags, sizeof(flags));
data/neomutt-20201120+dfsg.1/imap/imap.c:1356:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(listresp.name);
data/neomutt-20201120+dfsg.1/imap/imap.c:1364:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
matchlen = strlen(completion);
data/neomutt-20201120+dfsg.1/imap/imap.c:1678:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
edata->read = e->read;
data/neomutt-20201120+dfsg.1/imap/message.c:772:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
h.edata->read = e->read;
data/neomutt-20201120+dfsg.1/imap/message.c:780:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e->read = h.edata->read;
data/neomutt-20201120+dfsg.1/imap/message.c:866:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
edata->read = e->read;
data/neomutt-20201120+dfsg.1/imap/message.c:1153:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e->read = h.edata->read;
data/neomutt-20201120+dfsg.1/imap/message.c:1461:34: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (last = EOF, len = 0; (c = fgetc(fp)) != EOF; last = c)
data/neomutt-20201120+dfsg.1/imap/message.c:1478:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (msg->flags.read)
data/neomutt-20201120+dfsg.1/imap/message.c:1500:41: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (last = EOF, sent = len = 0; (c = fgetc(fp)) != EOF; last = c)
data/neomutt-20201120+dfsg.1/imap/message.c:1819:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
old_edata.read, edata->read, e->read);
data/neomutt-20201120+dfsg.1/imap/message.c:1819:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
old_edata.read, edata->read, e->read);
data/neomutt-20201120+dfsg.1/imap/message.c:1819:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
old_edata.read, edata->read, e->read);
data/neomutt-20201120+dfsg.1/imap/message.c:1849:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read;
data/neomutt-20201120+dfsg.1/imap/message.c:1993:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read = e->read;
data/neomutt-20201120+dfsg.1/imap/message.c:1999:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != e->read)
data/neomutt-20201120+dfsg.1/imap/message.c:1999:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != e->read)
data/neomutt-20201120+dfsg.1/imap/message.c:2001:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e->read = read;
data/neomutt-20201120+dfsg.1/imap/message.c:2002:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mutt_set_flag(m, e, MUTT_NEW, read);
data/neomutt-20201120+dfsg.1/imap/message.h:36:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read : 1;
data/neomutt-20201120+dfsg.1/imap/utf7.c:334:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *utf7 = utf8_to_utf7(*s, strlen(*s), NULL, 0);
data/neomutt-20201120+dfsg.1/imap/utf7.c:357:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *utf8 = utf7_to_utf8(*s, strlen(*s), 0, 0);
data/neomutt-20201120+dfsg.1/imap/util.c:704:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b1 = mutt_mem_malloc(strlen(mx1) + 1);
data/neomutt-20201120+dfsg.1/imap/util.c:705:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b2 = mutt_mem_malloc(strlen(mx2) + 1);
data/neomutt-20201120+dfsg.1/imap/util.c:707:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
imap_fix_path('\0', mx1, b1, strlen(mx1) + 1);
data/neomutt-20201120+dfsg.1/imap/util.c:708:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
imap_fix_path('\0', mx2, b2, strlen(mx2) + 1);
data/neomutt-20201120+dfsg.1/imap/util.c:1070:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, buf, strlen(s));
data/neomutt-20201120+dfsg.1/imap/util.c:1070:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(s, buf, strlen(s));
data/neomutt-20201120+dfsg.1/index.c:349:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read && !e->deleted)
data/neomutt-20201120+dfsg.1/index.c:1255:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e && !e->read && !e->old)
data/neomutt-20201120+dfsg.1/index.c:2141:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "id:", sizeof(buf));
data/neomutt-20201120+dfsg.1/index.c:2146:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf) - 1] == '>')
data/neomutt-20201120+dfsg.1/index.c:2147:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = '\0';
data/neomutt-20201120+dfsg.1/index.c:2898:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (!e->deleted && !e->read)
data/neomutt-20201120+dfsg.1/index.c:3035:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read || e->old)
data/neomutt-20201120+dfsg.1/index.c:3046:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (cur.e->read || cur.e->old)
data/neomutt-20201120+dfsg.1/init.c:1177:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, Completed, buflen - spaces);
data/neomutt-20201120+dfsg.1/init.c:1246:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pt, Completed, buf + buflen - pt - spaces);
data/neomutt-20201120+dfsg.1/init.c:1294:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pt, Completed, buf + buflen - pt - spaces);
data/neomutt-20201120+dfsg.1/init.c:1357:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, Completed, buflen - spaces);
data/neomutt-20201120+dfsg.1/init.c:1411:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pt, Completed, buf + buflen - pt - spaces);
data/neomutt-20201120+dfsg.1/init.c:1472:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pt, Completed, buf + buflen - pt);
data/neomutt-20201120+dfsg.1/maildir/maildir.c:194:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->flagged || e->replied || e->read || e->deleted || e->old || flags)
data/neomutt-20201120+dfsg.1/maildir/maildir.c:198:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e->read ? "S" : "", e->deleted ? "T" : "", NONULL(flags));
data/neomutt-20201120+dfsg.1/maildir/maildir.c:200:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
qsort(tmp, strlen(tmp), 1, ch_compare);
data/neomutt-20201120+dfsg.1/maildir/maildir.c:434:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mutt_buffer_printf(partpath, "%s/%s%s", (e->read || e->old) ? "cur" : "new",
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1491:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e && (e->read || e->old))
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1496:18: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(mh_umask(m));
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1510:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/neomutt-20201120+dfsg.1/maildir/maildir.c:1522:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/neomutt-20201120+dfsg.1/maildir/mh.c:78:18: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t omask = umask(mh_umask(m));
data/neomutt-20201120+dfsg.1/maildir/mh.c:89:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/neomutt-20201120+dfsg.1/maildir/mh.c:99:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(omask);
data/neomutt-20201120+dfsg.1/maildir/mh.c:359:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mh_seq_add_one(m, hi, !msg->flags.read, msg->flags.flagged, msg->flags.replied);
data/neomutt-20201120+dfsg.1/maildir/mh.c:639:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keylen = strlen(key);
data/neomutt-20201120+dfsg.1/maildir/mh.c:659:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keylen = strlen(key);
data/neomutt-20201120+dfsg.1/maildir/mh.c:764:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keylen = strlen(key);
data/neomutt-20201120+dfsg.1/maildir/mh.c:792:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t keylen = strlen(key);
data/neomutt-20201120+dfsg.1/maildir/mh.c:840:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = mutt_hcache_store(hc, e->path, strlen(e->path), e, 0);
data/neomutt-20201120+dfsg.1/maildir/sequence.c:302:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/maildir/shared.c:96:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
md->email->read ? "R" : "");
data/neomutt-20201120+dfsg.1/maildir/shared.c:141:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e_old->read != e_new->read)
data/neomutt-20201120+dfsg.1/maildir/shared.c:141:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e_old->read != e_new->read)
data/neomutt-20201120+dfsg.1/maildir/shared.c:142:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mutt_set_flag(m, e_old, MUTT_READ, e_new->read);
data/neomutt-20201120+dfsg.1/main.c:418:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(077);
data/neomutt-20201120+dfsg.1/mbox/mbox.c:475:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(adata->fp) == '\n')
data/neomutt-20201120+dfsg.1/mbox/mbox.c:680:63: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mutt_set_flag(m, m->emails[i], MUTT_READ, e_old[j]->read);
data/neomutt-20201120+dfsg.1/mbox/mbox.c:722:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->deleted && !e->read && !e->old)
data/neomutt-20201120+dfsg.1/mbox/mbox.c:753:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + BUFSIZ, buf, 5 + 2); /* 2 == 2 * mutt_str_len(CRLF) */
data/neomutt-20201120+dfsg.1/mbox/mbox.c:796:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read && !e->old)
data/neomutt-20201120+dfsg.1/mbox/mbox.c:1639:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fp)) != EOF)
data/neomutt-20201120+dfsg.1/menu.c:98:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mutt_strn_equal((const char *) (s + 1), np->pattern, strlen(np->pattern)))
data/neomutt-20201120+dfsg.1/menu.c:101:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (transform && mutt_strn_equal((const char *) (s + 1), transform, strlen(transform)))
data/neomutt-20201120+dfsg.1/monitor.c:437:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int len = read(INotifyFd, buf, sizeof(buf));
data/neomutt-20201120+dfsg.1/mutt.h:52:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define fgetc fgetc_unlocked
data/neomutt-20201120+dfsg.1/mutt/buffer.c:389:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int d_len = strlen(dir);
data/neomutt-20201120+dfsg.1/mutt/charset.c:646:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ibl1 = strlen(*t);
data/neomutt-20201120+dfsg.1/mutt/charset.c:669:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(outrepl);
data/neomutt-20201120+dfsg.1/mutt/charset.c:788:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/neomutt-20201120+dfsg.1/mutt/charset.c:913:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc(fc->fp);
data/neomutt-20201120+dfsg.1/mutt/charset.c:1050:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = q ? q - p : strlen(p);
data/neomutt-20201120+dfsg.1/mutt/file.c:705:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fp); /* This is kind of a hack. We want to know if the
data/neomutt-20201120+dfsg.1/mutt/file.c:885:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(path);
data/neomutt-20201120+dfsg.1/mutt/md5.c:322:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mutt_md5_bytes(str, strlen(str), buf);
data/neomutt-20201120+dfsg.1/mutt/md5.c:360:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_md5_process_bytes(str, strlen(str), md5ctx);
data/neomutt-20201120+dfsg.1/mutt/path.c:126:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(dest, dd + 3, strlen(dd + 3) + 1);
data/neomutt-20201120+dfsg.1/mutt/path.c:358:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((fname[0] == '\0') || ((dir[0] != '\0') && (dir[strlen(dir) - 1] == '/')))
data/neomutt-20201120+dfsg.1/mutt/path.c:406:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(path) > 1) && (path[0] == '/'))
data/neomutt-20201120+dfsg.1/mutt/path.c:416:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = sizeof(abs_path) - strlen(path);
data/neomutt-20201120+dfsg.1/mutt/prex.c:313:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/neomutt-20201120+dfsg.1/mutt/regex.c:404:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&dst[tlen], src, cpysize);
data/neomutt-20201120+dfsg.1/mutt/regex.c:410:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cpysize = MIN(strlen(src) - pmatch[0].rm_eo, 1023 - tlen);
data/neomutt-20201120+dfsg.1/mutt/regex.c:411:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&dst[tlen], &src[pmatch[0].rm_eo], cpysize);
data/neomutt-20201120+dfsg.1/mutt/string.c:494:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_mem_realloc(p, strlen(*p) + 1);
data/neomutt-20201120+dfsg.1/mutt/string.c:633:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return a ? strlen(a) : 0;
data/neomutt-20201120+dfsg.1/mutt/string.c:925:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int needle_length = strlen(needle);
data/neomutt-20201120+dfsg.1/mutt/string.c:1047:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(str, str + target_len, 1 + strlen(str + target_len));
data/neomutt-20201120+dfsg.1/mutt/string2.h:50:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define terminate_string(str, strlen, buflen) \
data/neomutt-20201120+dfsg.1/mutt/string2.h:51:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(str)[MIN((strlen), (buflen))] = '\0'
data/neomutt-20201120+dfsg.1/mutt/string2.h:53:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define terminate_buffer(str, strlen) \
data/neomutt-20201120+dfsg.1/mutt/string2.h:54:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
terminate_string(str, strlen, sizeof(str) - 1)
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:228:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(strncat(mailboxlist, _("New mail in "), sizeof(mailboxlist) - 1 - pos));
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:228:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
pos += strlen(strncat(mailboxlist, _("New mail in "), sizeof(mailboxlist) - 1 - pos));
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:248:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(strncat(mailboxlist + pos, ", ", sizeof(mailboxlist) - 1 - pos));
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:248:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
pos += strlen(strncat(mailboxlist + pos, ", ", sizeof(mailboxlist) - 1 - pos));
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:257:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(strncat(mailboxlist + pos, mutt_b2s(path), sizeof(mailboxlist) - 1 - pos));
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:257:19: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
pos += strlen(strncat(mailboxlist + pos, mutt_b2s(path), sizeof(mailboxlist) - 1 - pos));
data/neomutt-20201120+dfsg.1/mutt_mailbox.c:264:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(mailboxlist + pos, ", ...", sizeof(mailboxlist) - 1 - pos);
data/neomutt-20201120+dfsg.1/mutt_thread.c:360:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_tree, pfx, (size_t) width * (start_depth - 1));
data/neomutt-20201120+dfsg.1/mutt_thread.c:1296:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e_cur->read && e_cur->visible)
data/neomutt-20201120+dfsg.1/mutt_thread.c:1379:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e_cur->read && e_cur->visible)
data/neomutt-20201120+dfsg.1/muttlib.c:201:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((mb_type == MUTT_IMAP) && ((C_Folder[strlen(C_Folder) - 1] == '}') ||
data/neomutt-20201120+dfsg.1/muttlib.c:202:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(C_Folder[strlen(C_Folder) - 1] == '/')))
data/neomutt-20201120+dfsg.1/muttlib.c:208:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (C_Folder && (C_Folder[strlen(C_Folder) - 1] == '/'))
data/neomutt-20201120+dfsg.1/muttlib.c:383:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwnl = strlen(pw->pw_name);
data/neomutt-20201120+dfsg.1/muttlib.c:817:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(srccopy, src, n);
data/neomutt-20201120+dfsg.1/mx.c:681:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->deleted && e->read && !(e->flagged && C_KeepFlagged))
data/neomutt-20201120+dfsg.1/mx.c:743:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->deleted && !e->old && !e->read)
data/neomutt-20201120+dfsg.1/mx.c:767:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read && !e->deleted && !(e->flagged && C_KeepFlagged))
data/neomutt-20201120+dfsg.1/mx.c:800:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->read && !e->deleted && !(e->flagged && C_KeepFlagged))
data/neomutt-20201120+dfsg.1/mx.c:904:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->deleted && !e->read)
data/neomutt-20201120+dfsg.1/mx.c:1093:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
msg->flags.read = e->read;
data/neomutt-20201120+dfsg.1/mx.h:90:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read : 1;
data/neomutt-20201120+dfsg.1/ncrypt/crypt.c:774:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int c = fgetc(s->fp_in);
data/neomutt-20201120+dfsg.1/ncrypt/crypt.c:1352:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) % 8)
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:354:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!C_PgpLongIds) && (strlen(s) == 16))
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:395:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) == 16)
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:689:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(fp_tmp)) != EOF)
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1608:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = mutt_mem_malloc(strlen(prefix) + strlen(s) * 4 + 2);
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1608:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = mutt_mem_malloc(strlen(prefix) + strlen(s) * 4 + 2);
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1610:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = buf + strlen(buf);
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1611:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (is_pgp && (strlen(s) == 40))
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:1992:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(*notation->value && (notation->value[strlen(notation->value) - 1] == '\n')))
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:3509:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t) > 3)
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:4352:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sender_length = strlen(sender->mailbox);
data/neomutt-20201120+dfsg.1/ncrypt/crypt_gpgme.c:4355:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int uid_length = strlen(uid->email);
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:324:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_utf8(fp, dn->value, strlen(dn->value));
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:624:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_utf8(fp, s, strlen(s));
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:688:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (is_pgp && (strlen(s) == 40))
data/neomutt-20201120+dfsg.1/ncrypt/dlggpgme.c:748:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) == 16)
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:114:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((n >= 0) && ((ob - buf) == n) && (buf[n] = 0, (strlen(buf) < (size_t) n)))
data/neomutt-20201120+dfsg.1/ncrypt/gnupgparse.c:272:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tstr, p, 11);
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:642:15: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp_pgp_out);
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1048:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf + len - 2, "\n");
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1083:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(fp_out) == EOF)
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1609:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_out) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/pgp.c:1784:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_pgp_out) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/pgpkey.c:332:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t) > 3)
data/neomutt-20201120+dfsg.1/ncrypt/pgpmicalg.c:131:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LOFF_T end = ftello(fp_in) - strlen(line);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:923:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*buffer)[count], email, mutt_str_len(email));
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:984:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_out) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1021:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_cert) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1094:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_out) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1383:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_out) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1460:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t l = strlen(md) + 2;
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1561:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
empty = (fgetc(fp_smime_out) == EOF);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1875:19: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const int c = fgetc(fp_smime_err);
data/neomutt-20201120+dfsg.1/ncrypt/smime.c:1900:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(fp_smime_out) == EOF)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:77:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(group) + 1;
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:336:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((last >= mdata->first_message) && !e->deleted && !e->read)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:353:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->deleted || e->read)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:459:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (off + strlen(mdata->group) + 3 > buflen)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:465:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(buf + off);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:484:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(buf + off);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:539:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = dst + strlen(dst) - 1;
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:586:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "%1023s " ANUM " " ANUM " %c %8191[^\n]", group, &last,
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:626:40: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (!fgets(buf, sizeof(buf), fp) || (sscanf(buf, "%ld%4095s", &t, file) != 1) || (t == 0))
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:656:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t off = strlen(buf);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:665:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((off + strlen(mdata->group) + (mdata->desc ? strlen(mdata->desc) : 0) + 50) > buflen)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:665:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((off + strlen(mdata->group) + (mdata->desc ? strlen(mdata->desc) : 0) + 50) > buflen)
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:673:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(buf + off);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:697:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(first, last, strlen(last) + 1);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:757:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_delete_record(hc, buf, strlen(buf));
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:768:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_store_raw(hc, "index", 5, buf, strlen(buf) + 1);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:854:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp = file + strlen(file);
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:865:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_strn_cat(file, sizeof(file), group, strlen(group));
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:872:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ext = group + strlen(group) - 7;
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:873:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(group) < 8) || !mutt_str_equal(ext, ".hcache"))
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:1136:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = group + strlen(group) - 7;
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:1137:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(group) < 8) || (strcmp(p, ".hcache") != 0))
data/neomutt-20201120+dfsg.1/nntp/newsrc.c:1397:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read && !e->deleted)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:449:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(adata->overview_fmt + off);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:464:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(adata->overview_fmt + b);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:593:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m += strlen(method);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:681:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:714:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (sasl_decode64(inbuf + 4, strlen(inbuf + 4), buf,
data/neomutt-20201120+dfsg.1/nntp/nntp.c:921:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(p);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1180:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct HCacheEntry hce = mutt_hcache_fetch(fc->hc, buf, strlen(buf), 0);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1207:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_store(fc->hc, buf, strlen(buf), e, 0);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1226:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1310:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_delete_record(fc.hc, buf, strlen(buf));
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1347:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct HCacheEntry hce = mutt_hcache_fetch(fc.hc, buf, strlen(buf), 0);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1445:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1609:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct HCacheEntry hce = mutt_hcache_fetch(hc, buf, strlen(buf), 0);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1638:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!m->emails[i]->read)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1654:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct HCacheEntry hce = mutt_hcache_fetch(hc, buf, strlen(buf), 0);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:1682:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!e->read)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2013:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2030:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((buf[strlen(buf) - 1] != '\n') &&
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2606:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e->deleted && !e->read)
data/neomutt-20201120+dfsg.1/nntp/nntp.c:2609:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_store(hc, buf, strlen(buf), e, 0);
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:772:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(id) + 3;
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1447:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(e->read || e->old) ? "cur" : "new", filename, suffix);
data/neomutt-20201120+dfsg.1/notmuch/notmuch.c:1698:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return full_folder + strlen(db_path);
data/neomutt-20201120+dfsg.1/pager.c:652:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp->prefix, qptr, length);
data/neomutt-20201120+dfsg.1/pager.c:761:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp->prefix, qptr, length);
data/neomutt-20201120+dfsg.1/pager.c:863:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp->prefix, qptr, length);
data/neomutt-20201120+dfsg.1/pager.c:900:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(qc->prefix, qptr, length);
data/neomutt-20201120+dfsg.1/pager.c:2300:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Context && IsEmail(extra) && !extra->email->read)
data/neomutt-20201120+dfsg.1/pager.c:2413:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (e && !e->read)
data/neomutt-20201120+dfsg.1/pager.c:3386:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (extra->email->read || extra->email->old)
data/neomutt-20201120+dfsg.1/pattern/exec.c:765:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ? e->old || e->read : !(e->old || e->read);
data/neomutt-20201120+dfsg.1/pattern/exec.c:765:64: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ? e->old || e->read : !(e->old || e->read);
data/neomutt-20201120+dfsg.1/pattern/exec.c:767:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ? e->read : !e->read;
data/neomutt-20201120+dfsg.1/pattern/exec.c:767:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ? e->read : !e->read;
data/neomutt-20201120+dfsg.1/pattern/exec.c:771:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ? (!e->old || e->read) : (e->old && !e->read);
data/neomutt-20201120+dfsg.1/pattern/exec.c:771:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ? (!e->old || e->read) : (e->old && !e->read);
data/neomutt-20201120+dfsg.1/pattern/exec.c:773:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return pat->pat_not ^ e->read;
data/neomutt-20201120+dfsg.1/pop/auth.c:103:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
olen = strlen(buf);
data/neomutt-20201120+dfsg.1/pop/auth.c:126:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(sasl_decode64(inbuf + 2, strlen(inbuf + 2), buf, bufsize - 1, &len) != SASL_OK))
data/neomutt-20201120+dfsg.1/pop/auth.c:341:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t auth_cmd_len = strlen(oauthbearer) + 30;
data/neomutt-20201120+dfsg.1/pop/auth.c:346:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret = pop_query_d(adata, auth_cmd, strlen(auth_cmd),
data/neomutt-20201120+dfsg.1/pop/lib.c:134:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_str_copy(t, c, sizeof(adata->err_msg) - strlen(adata->err_msg));
data/neomutt-20201120+dfsg.1/pop/lib.c:550:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenbuf += strlen(p);
data/neomutt-20201120+dfsg.1/pop/pop.c:267:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0)
data/neomutt-20201120+dfsg.1/pop/pop.c:450:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
struct HCacheEntry hce = mutt_hcache_fetch(hc, edata->uid, strlen(edata->uid), 0);
data/neomutt-20201120+dfsg.1/pop/pop.c:481:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_store(hc, edata->uid, strlen(edata->uid), m->emails[i], 0);
data/neomutt-20201120+dfsg.1/pop/pop.c:574:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = mutt_mem_calloc(strlen(C_PopHost) + 7, sizeof(char));
data/neomutt-20201120+dfsg.1/pop/pop.c:953:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_delete_record(hc, edata->uid, strlen(edata->uid));
data/neomutt-20201120+dfsg.1/pop/pop.c:961:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_hcache_store(hc, edata->uid, strlen(edata->uid), m->emails[i], 0);
data/neomutt-20201120+dfsg.1/pop/pop.c:1194:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = mutt_hcache_store(hc, edata->uid, strlen(edata->uid), e, 0);
data/neomutt-20201120+dfsg.1/remailer.c:302:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = coords[i - 1].c + strlen(type2_list[chain->ch[i - 1]]->shortname) + 2;
data/neomutt-20201120+dfsg.1/remailer.c:314:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(type2_list[chain->ch[i]]->shortname) + 2;
data/neomutt-20201120+dfsg.1/send/header.c:275:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return mutt_istrn_cmp(ca, cb, strlen(cb));
data/neomutt-20201120+dfsg.1/send/send.c:1491:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(fp);
data/neomutt-20201120+dfsg.1/send/sendlib.c:1669:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(fp_tmp) != '\n')
data/neomutt-20201120+dfsg.1/send/smtp.c:500:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sasl_decode64(buf + 4, strlen(buf + 4), buf, bufsize - 1, &len) != SASL_OK)
data/neomutt-20201120+dfsg.1/send/smtp.c:561:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ilen = strlen(oauthbearer) + 30;
data/neomutt-20201120+dfsg.1/sidebar/window.c:77:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen(mbox) - mlen + flen;
data/neomutt-20201120+dfsg.1/status.c:336:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
snprintf(buf, buflen, fmt, read);
data/neomutt-20201120+dfsg.1/test/acutest.h:803:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf((title[strlen(title)-1] == ':') ? "%s\n" : "%s:\n", title);
data/neomutt-20201120+dfsg.1/test/acutest.h:884:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pattern_len = strlen(pattern);
data/neomutt-20201120+dfsg.1/test/acutest.h:1302:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(opt->longname);
data/neomutt-20201120+dfsg.1/test/acutest.h:1364:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(auxbuf, badoptname, len);
data/neomutt-20201120+dfsg.1/test/acutest.h:1603:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, buf + n_read, sizeof(buf) - 1 - n_read);
data/neomutt-20201120+dfsg.1/test/address/mutt_addr_write.c:65:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(len == strlen(expected));
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_add_printf.c:47:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(mutt_b2s(&buf)) == 0);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr_n.c:45:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr_n.c:53:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(mutt_b2s(&buf)) == MIN(len, sizes[i]));
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr_n.c:63:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t base_len = strlen(base);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr_n.c:65:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_addstr_n.c:75:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(mutt_b2s(&buf)) == (base_len + MIN(len, sizes[i])));
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_concat_path.c:70:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!TEST_CHECK(strlen(mutt_b2s(&buf)) == 0))
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_concat_path.c:72:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_MSG("len = %ld", strlen(mutt_b2s(&buf)));
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_fix_dptr.c:48:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(mutt_buffer_len(&buf) == (strlen(str)));
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_printf.c:47:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(mutt_b2s(&buf)) == 0);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strcpy_n.c:47:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strcpy_n.c:55:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(mutt_b2s(&buf)) == MIN(len, sizes[i]));
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strcpy_n.c:66:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(str);
data/neomutt-20201120+dfsg.1/test/buffer/mutt_buffer_strcpy_n.c:75:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(mutt_b2s(&buf)) == MIN(len, sizes[i]));
data/neomutt-20201120+dfsg.1/test/charset/mutt_ch_get_default_charset.c:34:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(cs) != 0);
data/neomutt-20201120+dfsg.1/test/common.c:56:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(path);
data/neomutt-20201120+dfsg.1/test/compress/common.c:109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!TEST_CHECK(size < strlen(compress_test_data)))
data/neomutt-20201120+dfsg.1/test/md5/mutt_md5_bytes.c:52:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mutt_md5_process_bytes(md5_test_data[i].text, strlen(md5_test_data[i].text), &ctx);
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:91:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, " ");
data/neomutt-20201120+dfsg.1/test/pattern/comp.c:100:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, "{");
data/neomutt-20201120+dfsg.1/test/store/common.c:88:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t klen = strlen(key);
data/neomutt-20201120+dfsg.1/test/store/common.c:90:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t vlen = strlen(value);
data/neomutt-20201120+dfsg.1/test/string/mutt_str_adjust.c:56:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TEST_CHECK(strlen(ptr) == len);
data/neomutt-20201120+dfsg.1/version.c:362:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(co[i].name) + 2; /* +/- and a space */
data/neomutt-20201120+dfsg.1/version.c:408:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = &s[strlen(s)];
ANALYSIS SUMMARY:
Hits = 1879
Lines analyzed = 219417 in approximately 5.58 seconds (39307 lines/second)
Physical Source Lines of Code (SLOC) = 138585
Hits@level = [0] 946 [1] 452 [2] 1110 [3] 69 [4] 236 [5] 12
Hits@level+ = [0+] 2825 [1+] 1879 [2+] 1427 [3+] 317 [4+] 248 [5+] 12
Hits/KSLOC@level+ = [0+] 20.3846 [1+] 13.5585 [2+] 10.2969 [3+] 2.2874 [4+] 1.78952 [5+] 0.0865895
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.