Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pd-cyclone-0.2~beta3/hammer/Append.c
Examining data/pd-cyclone-0.2~beta3/hammer/Borax.c
Examining data/pd-cyclone-0.2~beta3/hammer/Bucket.c
Examining data/pd-cyclone-0.2~beta3/hammer/Clip.c
Examining data/pd-cyclone-0.2~beta3/hammer/Decode.c
Examining data/pd-cyclone-0.2~beta3/hammer/Histo.c
Examining data/pd-cyclone-0.2~beta3/hammer/MouseState.c
Examining data/pd-cyclone-0.2~beta3/hammer/Peak.c
Examining data/pd-cyclone-0.2~beta3/hammer/Table.c
Examining data/pd-cyclone-0.2~beta3/hammer/TogEdge.c
Examining data/pd-cyclone-0.2~beta3/hammer/Trough.c
Examining data/pd-cyclone-0.2~beta3/hammer/Uzi.c
Examining data/pd-cyclone-0.2~beta3/hammer/accum.c
Examining data/pd-cyclone-0.2~beta3/hammer/acos.c
Examining data/pd-cyclone-0.2~beta3/hammer/active.c
Examining data/pd-cyclone-0.2~beta3/hammer/allhammers.c
Examining data/pd-cyclone-0.2~beta3/hammer/anal.c
Examining data/pd-cyclone-0.2~beta3/hammer/asin.c
Examining data/pd-cyclone-0.2~beta3/hammer/bangbang.c
Examining data/pd-cyclone-0.2~beta3/hammer/bondo.c
Examining data/pd-cyclone-0.2~beta3/hammer/buddy.c
Examining data/pd-cyclone-0.2~beta3/hammer/capture.c
Examining data/pd-cyclone-0.2~beta3/hammer/cartopol.c
Examining data/pd-cyclone-0.2~beta3/hammer/coll.c
Examining data/pd-cyclone-0.2~beta3/hammer/comment.c
Examining data/pd-cyclone-0.2~beta3/hammer/cosh.c
Examining data/pd-cyclone-0.2~beta3/hammer/counter.c
Examining data/pd-cyclone-0.2~beta3/hammer/cycle.c
Examining data/pd-cyclone-0.2~beta3/hammer/drunk.c
Examining data/pd-cyclone-0.2~beta3/hammer/flush.c
Examining data/pd-cyclone-0.2~beta3/hammer/forward.c
Examining data/pd-cyclone-0.2~beta3/hammer/fromsymbol.c
Examining data/pd-cyclone-0.2~beta3/hammer/funbuff.c
Examining data/pd-cyclone-0.2~beta3/hammer/funnel.c
Examining data/pd-cyclone-0.2~beta3/hammer/gate.c
Examining data/pd-cyclone-0.2~beta3/hammer/grab.c
Examining data/pd-cyclone-0.2~beta3/hammer/hammer.c
Examining data/pd-cyclone-0.2~beta3/hammer/iter.c
Examining data/pd-cyclone-0.2~beta3/hammer/match.c
Examining data/pd-cyclone-0.2~beta3/hammer/maximum.c
Examining data/pd-cyclone-0.2~beta3/hammer/mean.c
Examining data/pd-cyclone-0.2~beta3/hammer/midiflush.c
Examining data/pd-cyclone-0.2~beta3/hammer/midiformat.c
Examining data/pd-cyclone-0.2~beta3/hammer/midiparse.c
Examining data/pd-cyclone-0.2~beta3/hammer/minimum.c
Examining data/pd-cyclone-0.2~beta3/hammer/mousefilter.c
Examining data/pd-cyclone-0.2~beta3/hammer/mtr.c
Examining data/pd-cyclone-0.2~beta3/hammer/next.c
Examining data/pd-cyclone-0.2~beta3/hammer/offer.c
Examining data/pd-cyclone-0.2~beta3/hammer/onebang.c
Examining data/pd-cyclone-0.2~beta3/hammer/past.c
Examining data/pd-cyclone-0.2~beta3/hammer/poltocar.c
Examining data/pd-cyclone-0.2~beta3/hammer/prepend.c
Examining data/pd-cyclone-0.2~beta3/hammer/prob.c
Examining data/pd-cyclone-0.2~beta3/hammer/pv.c
Examining data/pd-cyclone-0.2~beta3/hammer/seq.c
Examining data/pd-cyclone-0.2~beta3/hammer/sinh.c
Examining data/pd-cyclone-0.2~beta3/hammer/speedlim.c
Examining data/pd-cyclone-0.2~beta3/hammer/spell.c
Examining data/pd-cyclone-0.2~beta3/hammer/split.c
Examining data/pd-cyclone-0.2~beta3/hammer/spray.c
Examining data/pd-cyclone-0.2~beta3/hammer/sprintf.c
Examining data/pd-cyclone-0.2~beta3/hammer/substitute.c
Examining data/pd-cyclone-0.2~beta3/hammer/sustain.c
Examining data/pd-cyclone-0.2~beta3/hammer/switch.c
Examining data/pd-cyclone-0.2~beta3/hammer/tanh.c
Examining data/pd-cyclone-0.2~beta3/hammer/testmess.c
Examining data/pd-cyclone-0.2~beta3/hammer/thresh.c
Examining data/pd-cyclone-0.2~beta3/hammer/tosymbol.c
Examining data/pd-cyclone-0.2~beta3/hammer/universal.c
Examining data/pd-cyclone-0.2~beta3/hammer/urn.c
Examining data/pd-cyclone-0.2~beta3/hammer/xbendin.c
Examining data/pd-cyclone-0.2~beta3/hammer/xbendin2.c
Examining data/pd-cyclone-0.2~beta3/hammer/xbendout.c
Examining data/pd-cyclone-0.2~beta3/hammer/xbendout2.c
Examining data/pd-cyclone-0.2~beta3/hammer/xnotein.c
Examining data/pd-cyclone-0.2~beta3/hammer/xnoteout.c
Examining data/pd-cyclone-0.2~beta3/hammer/zl.c
Examining data/pd-cyclone-0.2~beta3/hammer/decide.c
Examining data/pd-cyclone-0.2~beta3/shadow/cyclone.c
Examining data/pd-cyclone-0.2~beta3/shadow/dummies.c
Examining data/pd-cyclone-0.2~beta3/shadow/maxmode.c
Examining data/pd-cyclone-0.2~beta3/shadow/nettles.c
Examining data/pd-cyclone-0.2~beta3/shadow/shadow.h
Examining data/pd-cyclone-0.2~beta3/shared/common/binport.c
Examining data/pd-cyclone-0.2~beta3/shared/common/binport.h
Examining data/pd-cyclone-0.2~beta3/shared/common/clc.c
Examining data/pd-cyclone-0.2~beta3/shared/common/clc.h
Examining data/pd-cyclone-0.2~beta3/shared/common/dict.c
Examining data/pd-cyclone-0.2~beta3/shared/common/dict.h
Examining data/pd-cyclone-0.2~beta3/shared/common/fitter.c
Examining data/pd-cyclone-0.2~beta3/shared/common/fitter.h
Examining data/pd-cyclone-0.2~beta3/shared/common/grow.c
Examining data/pd-cyclone-0.2~beta3/shared/common/grow.h
Examining data/pd-cyclone-0.2~beta3/shared/common/lex.c
Examining data/pd-cyclone-0.2~beta3/shared/common/lex.h
Examining data/pd-cyclone-0.2~beta3/shared/common/loud.c
Examining data/pd-cyclone-0.2~beta3/shared/common/loud.h
Examining data/pd-cyclone-0.2~beta3/shared/common/messtree.c
Examining data/pd-cyclone-0.2~beta3/shared/common/messtree.h
Examining data/pd-cyclone-0.2~beta3/shared/common/mifi.c
Examining data/pd-cyclone-0.2~beta3/shared/common/mifi.h
Examining data/pd-cyclone-0.2~beta3/shared/common/os.c
Examining data/pd-cyclone-0.2~beta3/shared/common/os.h
Examining data/pd-cyclone-0.2~beta3/shared/common/patchvalue.c
Examining data/pd-cyclone-0.2~beta3/shared/common/patchvalue.h
Examining data/pd-cyclone-0.2~beta3/shared/common/port.c
Examining data/pd-cyclone-0.2~beta3/shared/common/port.h
Examining data/pd-cyclone-0.2~beta3/shared/common/props.c
Examining data/pd-cyclone-0.2~beta3/shared/common/props.h
Examining data/pd-cyclone-0.2~beta3/shared/common/qtree.c
Examining data/pd-cyclone-0.2~beta3/shared/common/qtree.h
Examining data/pd-cyclone-0.2~beta3/shared/common/rand.c
Examining data/pd-cyclone-0.2~beta3/shared/common/rand.h
Examining data/pd-cyclone-0.2~beta3/shared/common/vefl.c
Examining data/pd-cyclone-0.2~beta3/shared/common/vefl.h
Examining data/pd-cyclone-0.2~beta3/shared/hammer/file.c
Examining data/pd-cyclone-0.2~beta3/shared/hammer/file.h
Examining data/pd-cyclone-0.2~beta3/shared/hammer/gui.c
Examining data/pd-cyclone-0.2~beta3/shared/hammer/gui.h
Examining data/pd-cyclone-0.2~beta3/shared/hammer/tree.c
Examining data/pd-cyclone-0.2~beta3/shared/hammer/tree.h
Examining data/pd-cyclone-0.2~beta3/shared/shared.c
Examining data/pd-cyclone-0.2~beta3/shared/shared.h
Examining data/pd-cyclone-0.2~beta3/shared/sickle/arsic.c
Examining data/pd-cyclone-0.2~beta3/shared/sickle/arsic.h
Examining data/pd-cyclone-0.2~beta3/shared/sickle/sic.c
Examining data/pd-cyclone-0.2~beta3/shared/sickle/sic.h
Examining data/pd-cyclone-0.2~beta3/shared/unstable/forky.c
Examining data/pd-cyclone-0.2~beta3/shared/unstable/forky.h
Examining data/pd-cyclone-0.2~beta3/shared/unstable/fragile.c
Examining data/pd-cyclone-0.2~beta3/shared/unstable/fragile.h
Examining data/pd-cyclone-0.2~beta3/shared/unstable/fringe.c
Examining data/pd-cyclone-0.2~beta3/shared/unstable/fringe.h
Examining data/pd-cyclone-0.2~beta3/shared/unstable/loader.c
Examining data/pd-cyclone-0.2~beta3/shared/unstable/loader.h
Examining data/pd-cyclone-0.2~beta3/shared/unstable/pd_imp.h
Examining data/pd-cyclone-0.2~beta3/shared/unstable/standalone.c
Examining data/pd-cyclone-0.2~beta3/shared/unstable/standalone.h
Examining data/pd-cyclone-0.2~beta3/sickle/Clip.c
Examining data/pd-cyclone-0.2~beta3/sickle/Line.c
Examining data/pd-cyclone-0.2~beta3/sickle/Scope.c
Examining data/pd-cyclone-0.2~beta3/sickle/Snapshot.c
Examining data/pd-cyclone-0.2~beta3/sickle/abs.c
Examining data/pd-cyclone-0.2~beta3/sickle/acos.c
Examining data/pd-cyclone-0.2~beta3/sickle/acosh.c
Examining data/pd-cyclone-0.2~beta3/sickle/allpass.c
Examining data/pd-cyclone-0.2~beta3/sickle/allsickles.c
Examining data/pd-cyclone-0.2~beta3/sickle/asin.c
Examining data/pd-cyclone-0.2~beta3/sickle/asinh.c
Examining data/pd-cyclone-0.2~beta3/sickle/atan.c
Examining data/pd-cyclone-0.2~beta3/sickle/atan2.c
Examining data/pd-cyclone-0.2~beta3/sickle/atanh.c
Examining data/pd-cyclone-0.2~beta3/sickle/average.c
Examining data/pd-cyclone-0.2~beta3/sickle/avg.c
Examining data/pd-cyclone-0.2~beta3/sickle/bitand.c
Examining data/pd-cyclone-0.2~beta3/sickle/bitnot.c
Examining data/pd-cyclone-0.2~beta3/sickle/bitor.c
Examining data/pd-cyclone-0.2~beta3/sickle/bitshift.c
Examining data/pd-cyclone-0.2~beta3/sickle/bitxor.c
Examining data/pd-cyclone-0.2~beta3/sickle/buffir.c
Examining data/pd-cyclone-0.2~beta3/sickle/capture.c
Examining data/pd-cyclone-0.2~beta3/sickle/cartopol.c
Examining data/pd-cyclone-0.2~beta3/sickle/change.c
Examining data/pd-cyclone-0.2~beta3/sickle/click.c
Examining data/pd-cyclone-0.2~beta3/sickle/comb.c
Examining data/pd-cyclone-0.2~beta3/sickle/cosh.c
Examining data/pd-cyclone-0.2~beta3/sickle/cosx.c
Examining data/pd-cyclone-0.2~beta3/sickle/count.c
Examining data/pd-cyclone-0.2~beta3/sickle/curve.c
Examining data/pd-cyclone-0.2~beta3/sickle/cycle.c
Examining data/pd-cyclone-0.2~beta3/sickle/delay.c
Examining data/pd-cyclone-0.2~beta3/sickle/delta.c
Examining data/pd-cyclone-0.2~beta3/sickle/deltaclip.c
Examining data/pd-cyclone-0.2~beta3/sickle/edge.c
Examining data/pd-cyclone-0.2~beta3/sickle/framedelta.c
Examining data/pd-cyclone-0.2~beta3/sickle/index.c
Examining data/pd-cyclone-0.2~beta3/sickle/kink.c
Examining data/pd-cyclone-0.2~beta3/sickle/linedrive.c
Examining data/pd-cyclone-0.2~beta3/sickle/log.c
Examining data/pd-cyclone-0.2~beta3/sickle/lookup.c
Examining data/pd-cyclone-0.2~beta3/sickle/lores.c
Examining data/pd-cyclone-0.2~beta3/sickle/matrix.c
Examining data/pd-cyclone-0.2~beta3/sickle/maximum.c
Examining data/pd-cyclone-0.2~beta3/sickle/minimum.c
Examining data/pd-cyclone-0.2~beta3/sickle/minmax.c
Examining data/pd-cyclone-0.2~beta3/sickle/mstosamps.c
Examining data/pd-cyclone-0.2~beta3/sickle/onepole.c
Examining data/pd-cyclone-0.2~beta3/sickle/overdrive.c
Examining data/pd-cyclone-0.2~beta3/sickle/peakamp.c
Examining data/pd-cyclone-0.2~beta3/sickle/peek.c
Examining data/pd-cyclone-0.2~beta3/sickle/phasewrap.c
Examining data/pd-cyclone-0.2~beta3/sickle/pink.c
Examining data/pd-cyclone-0.2~beta3/sickle/play.c
Examining data/pd-cyclone-0.2~beta3/sickle/poke.c
Examining data/pd-cyclone-0.2~beta3/sickle/poltocar.c
Examining data/pd-cyclone-0.2~beta3/sickle/pong.c
Examining data/pd-cyclone-0.2~beta3/sickle/pow.c
Examining data/pd-cyclone-0.2~beta3/sickle/rampsmooth.c
Examining data/pd-cyclone-0.2~beta3/sickle/rand.c
Examining data/pd-cyclone-0.2~beta3/sickle/record.c
Examining data/pd-cyclone-0.2~beta3/sickle/reson.c
Examining data/pd-cyclone-0.2~beta3/sickle/sah.c
Examining data/pd-cyclone-0.2~beta3/sickle/sampstoms.c
Examining data/pd-cyclone-0.2~beta3/sickle/sickle.c
Examining data/pd-cyclone-0.2~beta3/sickle/sinh.c
Examining data/pd-cyclone-0.2~beta3/sickle/sinx.c
Examining data/pd-cyclone-0.2~beta3/sickle/slide.c
Examining data/pd-cyclone-0.2~beta3/sickle/spike.c
Examining data/pd-cyclone-0.2~beta3/sickle/svf.c
Examining data/pd-cyclone-0.2~beta3/sickle/tanh.c
Examining data/pd-cyclone-0.2~beta3/sickle/tanx.c
Examining data/pd-cyclone-0.2~beta3/sickle/teeth.c
Examining data/pd-cyclone-0.2~beta3/sickle/train.c
Examining data/pd-cyclone-0.2~beta3/sickle/trapezoid.c
Examining data/pd-cyclone-0.2~beta3/sickle/triangle.c
Examining data/pd-cyclone-0.2~beta3/sickle/vectral.c
Examining data/pd-cyclone-0.2~beta3/sickle/wave.c
Examining data/pd-cyclone-0.2~beta3/sickle/zerox.c
Examining data/pd-cyclone-0.2~beta3/sickle/frameaccum.c
FINAL RESULTS:
data/pd-cyclone-0.2~beta3/hammer/capture.c:88:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cnt += sprintf(bp, fmt, i);
data/pd-cyclone-0.2~beta3/hammer/capture.c:103:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cnt += sprintf(bp, fmt, f);
data/pd-cyclone-0.2~beta3/hammer/comment.c:92:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, "comment_draw %s .x%lx.c %s %s %f %f %s %d %s %s {%.*s} %d\n",
data/pd-cyclone-0.2~beta3/hammer/comment.c:121:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, "comment_update .x%lx.c %s %s {%.*s} %d\n", cvid,
data/pd-cyclone-0.2~beta3/hammer/comment.c:129:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c select from %s %d\n",
data/pd-cyclone-0.2~beta3/hammer/comment.c:132:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c select to %s %d\n",
data/pd-cyclone-0.2~beta3/hammer/comment.c:141:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c icursor %s %d\n",
data/pd-cyclone-0.2~beta3/hammer/comment.c:144:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c focus %s\n", cvid, x->x_texttag);
data/pd-cyclone-0.2~beta3/hammer/comment.c:148:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, "comment_bbox %s .x%lx.c %s\n",
data/pd-cyclone-0.2~beta3/hammer/comment.c:250:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c bind %s <ButtonRelease> \
data/pd-cyclone-0.2~beta3/hammer/comment.c:254:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c bind %s <Motion> \
data/pd-cyclone-0.2~beta3/hammer/comment.c:258:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outp, ".x%lx.c create rectangle %d %d %d %d -outline blue \
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:79:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = sprintf(buf, x->p_pattern, (int)f);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:81:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = sprintf(buf, x->p_pattern, f);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:87:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = sprintf(buf, x->p_pattern, (unsigned char)f);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:93:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
result = sprintf(buf, x->p_pattern, tmp);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:113:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
else result = sprintf(buf, x->p_pattern, s->s_name);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:176:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outp, inp);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:330:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + size, atomtext);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:473:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (x) sprintf(errstring, "%s parameter not supported",
data/pd-cyclone-0.2~beta3/hammer/testmess.c:11:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/pd-cyclone-0.2~beta3/hammer/testmess.c:11:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/pd-cyclone-0.2~beta3/hammer/testmess.c:273:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, MAXPDSTRING-1, fmt, i);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:45:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:60:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:75:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:542:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#%s", ap->a_w.w_symbol->s_name);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:575:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#%s", ap->a_w.w_symbol->s_name);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:716:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(namebuf, dirname), strcat(namebuf, "/");
data/pd-cyclone-0.2~beta3/shared/common/binport.c:717:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(namebuf, filename);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:782:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(namebuf, dirname), strcat(namebuf, "/");
data/pd-cyclone-0.2~beta3/shared/common/binport.c:783:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(namebuf, filename);
data/pd-cyclone-0.2~beta3/shared/common/dict.c:131:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sym2->s_name, s);
data/pd-cyclone-0.2~beta3/shared/common/fitter.c:261:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:236:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "$%s", ap->a_w.w_symbol->s_name);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:13:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/pd-cyclone-0.2~beta3/shared/common/loud.c:70:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:85:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:98:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:143:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:223:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:247:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:267:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:287:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lc->lc_callername, callername);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:315:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, callerfmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:354:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, MAXPDSTRING-1, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:367:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, MAXPDSTRING-1, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:439:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, MAXPDSTRING-1, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:215:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:230:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:310:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ep->e_data, text);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:547:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slashpos, fnameptr);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:934:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tnamebuf, p1);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1329:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fnamebuf, dirname), strcat(fnamebuf, "/");
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1330:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fnamebuf, filename);
data/pd-cyclone-0.2~beta3/shared/common/os.c:23:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:38:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, home);
data/pd-cyclone-0.2~beta3/shared/common/os.c:40:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:61:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result + 2, path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:69:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:83:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:93:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:95:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result + ndx, path + 2);
data/pd-cyclone-0.2~beta3/shared/common/os.c:109:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:111:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result + ndx, path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:120:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:122:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result + ndx, path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:218:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(slashpos, nameptr);
data/pd-cyclone-0.2~beta3/shared/common/patchvalue.c:183:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "#%s", cname->s_name);
data/pd-cyclone-0.2~beta3/shared/common/port.c:1587:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "$%s", ap->a_w.w_symbol->s_name);
data/pd-cyclone-0.2~beta3/shared/common/props.c:64:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ep->e_key, key);
data/pd-cyclone-0.2~beta3/shared/common/props.c:66:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ep->e_value, value);
data/pd-cyclone-0.2~beta3/shared/common/props.c:98:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ep->e_value, value);
data/pd-cyclone-0.2~beta3/shared/sickle/arsic.c:93:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%d-%s", ch, x->s_stub);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:63:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, dirname);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:65:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filename, classname);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:72:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(symname, classname);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:74:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(symname, classname);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:155:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuf, dirname);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:158:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(namebuf, classname);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:159:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(namebuf, sys_dllextent);
data/pd-cyclone-0.2~beta3/shared/unstable/standalone.c:71:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sym2->s_name, s);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:683:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd2, "-fill #%2.2x%2.2x%2.2x -width %f -tags {%s %s}\n ",
data/pd-cyclone-0.2~beta3/sickle/Scope.c:701:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chunkp, "%s %d %d %d %d %s", cmd1,
data/pd-cyclone-0.2~beta3/sickle/Scope.c:723:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(chunkp, "%s %d %d %d %d %s", cmd1,
data/pd-cyclone-0.2~beta3/sickle/capture.c:53:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cnt += sprintf(bp, x->x_format, f);
data/pd-cyclone-0.2~beta3/shared/common/os.c:33:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *home = getenv("HOME");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:93:13: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
ntdll = LoadLibrary(filename);
data/pd-cyclone-0.2~beta3/hammer/Append.c:108:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/Append.c:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/Append.c:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ac, x->x_message, x->x_natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/Append.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_message, x->x_auxbuf + x->x_natoms,
data/pd-cyclone-0.2~beta3/hammer/Append.c:206:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap, av, ac * sizeof(*x->x_auxbuf));
data/pd-cyclone-0.2~beta3/hammer/Table.c:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/Table.c:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/Table.c:793:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cnt += sprintf(bp, "%d", v);
data/pd-cyclone-0.2~beta3/hammer/Table.c:805:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/active.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pd-cyclone-0.2~beta3/hammer/active.c:39:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, ".x%lx.c", (unsigned long)canvas_getcurrent());
data/pd-cyclone-0.2~beta3/hammer/bondo.c:174:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->p_message, av, ac * sizeof(*x->p_message));
data/pd-cyclone-0.2~beta3/hammer/buddy.c:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->p_message, av, ac * sizeof(*x->p_message));
data/pd-cyclone-0.2~beta3/hammer/capture.c:138:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/capture.c:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/coll.c:588:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/coll.c:674:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/coll.c:1460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/comment.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_tag[32];
data/pd-cyclone-0.2~beta3/hammer/comment.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_texttag[32];
data/pd-cyclone-0.2~beta3/hammer/comment.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_outlinetag[32];
data/pd-cyclone-0.2~beta3/hammer/comment.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_color[8];
data/pd-cyclone-0.2~beta3/hammer/comment.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[COMMENT_OUTBUFSIZE], *outbuf, *outp;
data/pd-cyclone-0.2~beta3/hammer/comment.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[COMMENT_OUTBUFSIZE], *outbuf, *outp;
data/pd-cyclone-0.2~beta3/hammer/comment.c:135:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outp, ".x%lx.c focus {}\n", cvid);
data/pd-cyclone-0.2~beta3/hammer/comment.c:139:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outp, ".x%lx.c select clear\n", cvid);
data/pd-cyclone-0.2~beta3/hammer/comment.c:248:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[COMMENT_OUTBUFSIZE], *outp = buf;
data/pd-cyclone-0.2~beta3/hammer/comment.c:684:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pd-cyclone-0.2~beta3/hammer/comment.c:688:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_tag, "all%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/hammer/comment.c:689:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_texttag, "t%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/hammer/comment.c:690:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_outlinetag, "h%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/hammer/comment.c:758:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_color, "#%2.2x%2.2x%2.2x", x->x_red, x->x_green, x->x_blue);
data/pd-cyclone-0.2~beta3/hammer/comment.c:772:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "miXed%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/hammer/flush.c:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x_pitches[FLUSH_NPITCHES]; /* CHECKED */
data/pd-cyclone-0.2~beta3/hammer/funbuff.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/funbuff.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/funnel.c:75:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->p_message + 1, av, ac * sizeof(*x->p_message));
data/pd-cyclone-0.2~beta3/hammer/funnel.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 1, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/iter.c:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_message, av, ac * sizeof(*x->x_message));
data/pd-cyclone-0.2~beta3/hammer/match.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_pattern, av, ac * sizeof(*x->x_pattern));
data/pd-cyclone-0.2~beta3/hammer/midiflush.c:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x_notes[MIDIFLUSH_NCHANNELS][MIDIFLUSH_NPITCHES];
data/pd-cyclone-0.2~beta3/hammer/mtr.c:480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/mtr.c:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[MTR_FILEBUFSIZE];
data/pd-cyclone-0.2~beta3/hammer/mtr.c:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[MTR_FILEBUFSIZE], *bp = sbuf, *ep = sbuf + MTR_FILEBUFSIZE;
data/pd-cyclone-0.2~beta3/hammer/mtr.c:629:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/prepend.c:102:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/prepend.c:112:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, x->x_message, x->x_natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/prepend.c:119:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp, av, ac * sizeof(*bp));
data/pd-cyclone-0.2~beta3/hammer/prepend.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_message, x->x_auxbuf,
data/pd-cyclone-0.2~beta3/hammer/prepend.c:236:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_auxbuf, av, ac * sizeof(*x->x_auxbuf));
data/pd-cyclone-0.2~beta3/hammer/prob.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pd-cyclone-0.2~beta3/hammer/prob.c:259:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d %d %d\n",
data/pd-cyclone-0.2~beta3/hammer/pv.c:332:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pf->f_message, av, ac * sizeof(*pf->f_message));
data/pd-cyclone-0.2~beta3/hammer/seq.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_bytes[4];
data/pd-cyclone-0.2~beta3/hammer/seq.c:1006:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/seq.c:1032:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING], *dotp;
data/pd-cyclone-0.2~beta3/hammer/seq.c:1083:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%g", ep->e_delta);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1085:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "(%g)->", ep->e_delta);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1087:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "(%g)", ep->e_delta);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1089:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %g", (float)*bp);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1093:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %g", (float)*bp);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING+2];
data/pd-cyclone-0.2~beta3/hammer/seq.c:1132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING+2];
data/pd-cyclone-0.2~beta3/hammer/seq.c:1139:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ";\n");
data/pd-cyclone-0.2~beta3/hammer/speedlim.c:90:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_message, av, ac * sizeof(*x->x_message));
data/pd-cyclone-0.2~beta3/hammer/spell.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pd-cyclone-0.2~beta3/hammer/spell.c:50:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i); /* CHECKED (negative numbers) */
data/pd-cyclone-0.2~beta3/hammer/spell.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pd-cyclone-0.2~beta3/hammer/spell.c:80:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i); /* CHECKED (negative numbers) */
data/pd-cyclone-0.2~beta3/hammer/spell.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pd-cyclone-0.2~beta3/hammer/spell.c:116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", i); /* CHECKED (negative numbers) */
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64]; /* LATER rethink */
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:92:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%g", f);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SPRINTF_MAXWIDTH + 1]; /* LATER rethink */
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:226:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SPRINTF_MAXWIDTH + 1]; /* LATER rethink */
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atomtext[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstring[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:361:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "extra number field");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:369:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "precision field too large");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:377:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "width field too large");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:395:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring,
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:406:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring,
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:417:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring,
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:439:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "\'%c\' type not supported", *ptr);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:446:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "only single modifier is supported");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:453:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "\'%c\' modifier not supported", *ptr);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:460:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "multiple dots");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:468:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "parameter number field not supported");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:479:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring,
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:487:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (x) sprintf(errstring, "type not specified");
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:598:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SPRINTF_MAXWIDTH + 1]; /* LATER rethink */
data/pd-cyclone-0.2~beta3/hammer/substitute.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp, av, ncopy * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/sustain.c:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x_pitches[SUSTAIN_NPITCHES];
data/pd-cyclone-0.2~beta3/hammer/testmess.c:64:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_message,
data/pd-cyclone-0.2~beta3/hammer/testmess.c:68:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_message,
data/pd-cyclone-0.2~beta3/hammer/testmess.c:105:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:107:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ac, x->x_message, natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:115:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, x->x_message, natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:117:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + natoms, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:131:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ac, x->x_message, x->x_natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:138:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, x->x_message, x->x_natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + x->x_natoms, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + x->x_natoms, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/testmess.c:265:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING], fmt[16];
data/pd-cyclone-0.2~beta3/hammer/testmess.c:270:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt, "%%.%dx", nchars);
data/pd-cyclone-0.2~beta3/hammer/thresh.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av, ac * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_bufini[TOSYMBOL_INISTRING];
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tosymbol_buffer[TOSYMBOL_MAXSTRING];
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:51:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_buffer, "%g", f);
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:137:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_buffer, tosymbol_buffer, ntotal);
data/pd-cyclone-0.2~beta3/hammer/zl.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->d_buf, av, nrequested * sizeof(*d->d_buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->d_buf + natoms, av, ac * sizeof(*d->d_buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->d_buf + 1, av, nrequested * sizeof(*d->d_buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->d_buf + natoms + 1, av, ac * sizeof(*d->d_buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:360:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ptr, natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:380:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, x->x_inbuf1.d_buf, ac1 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:382:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + ac1, x->x_inbuf2.d_buf, ac2 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:432:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (buf) memcpy(buf, av1, ac1 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:449:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, av1, ndx * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:454:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, x->x_inbuf2.d_buf, ac2 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:458:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, av1 + ndx + 1, ntail * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:479:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (buf) memcpy(buf, x->x_inbuf1.d_buf, natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:534:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, x->x_inbuf1.d_buf + cnt2, cnt1 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:535:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + cnt1, x->x_inbuf1.d_buf, cnt2 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:537:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(buf, x->x_inbuf1.d_buf, natoms * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:680:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, av1, ac1 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/hammer/zl.c:692:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(buf, ap2, ac2 * sizeof(*buf));
data/pd-cyclone-0.2~beta3/shadow/dummies.c:611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirbuf[MAXPDSTRING], *nameptr;
data/pd-cyclone-0.2~beta3/shared/common/binport.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:125:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char word[4];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char word[10];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:339:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#%d", ap->a_w.w_index);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:481:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:559:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "#%d", opval);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:592:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bin_header[4] = { 2, 0, 0, 0 }; /* CHECKME any others? */
data/pd-cyclone-0.2~beta3/shared/common/binport.c:593:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_header[4] = { 0, 0, 0, 1 }; /* CHECKME any others? */
data/pd-cyclone-0.2~beta3/shared/common/binport.c:594:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text_header[4] = { 'm', 'a', 'x', ' ' };
data/pd-cyclone-0.2~beta3/shared/common/binport.c:595:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pd_header[3] = { '#', 'N', ' ' }; /* canvas or struct */
data/pd-cyclone-0.2~beta3/shared/common/binport.c:634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[4];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:674:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:713:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:719:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fp = fopen(namebuf, "rb"))
data/pd-cyclone-0.2~beta3/shared/common/binport.c:779:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:785:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fp = fopen(namebuf, "w"))
data/pd-cyclone-0.2~beta3/shared/common/binport.c:787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BINPORT_MAXSTRING];
data/pd-cyclone-0.2~beta3/shared/common/binport.c:823:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(av[1], "rb");
data/pd-cyclone-0.2~beta3/shared/common/fitter.c:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/grow.c:52:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufp, bufini, *nexisting * typesize);
data/pd-cyclone-0.2~beta3/shared/common/grow.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*startp, oldstart, *nexisting * typesize);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1001], *bufp, *ebuf = buf + 1000;
data/pd-cyclone-0.2~beta3/shared/common/lex.c:169:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ap->a_w.w_index = atoi(buf+1);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:182:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ap->a_w.w_index = atoi(buf);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:210:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%#f", ap->a_w.w_float);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:227:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bp, "\\%.3o", (unsigned char)*sp++), bp += 4;
data/pd-cyclone-0.2~beta3/shared/common/lex.c:233:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "$%d", ap->a_w.w_index);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:240:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", ap->a_w.w_index);
data/pd-cyclone-0.2~beta3/shared/common/lex.c:248:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "???");
data/pd-cyclone-0.2~beta3/shared/common/loud.c:47:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16]; /* assuming 10-digit INT_MAX */
data/pd-cyclone-0.2~beta3/shared/common/loud.c:48:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%dth", n);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:57:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy(ptr, "st"); break;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:58:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy(ptr, "nd"); break;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:59:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 3: strcpy(ptr, "rd"); break;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:244:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:395:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:410:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/loud.c:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h_type[4];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char th_type[4];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:227:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:345:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *printformat[MIFIMETA_MAXPRINTABLE+1] =
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:531:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmess[MAXPDSTRING], path[MAXPDSTRING], *fnameptr;
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:537:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmess, "cannot open");
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:551:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmess, "cannot open");
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:557:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmess, "missing header of");
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:585:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:860:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tnamebuf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:947:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tnamebuf, "%d-track", i);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmess[MAXPDSTRING], fnamebuf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1333:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmess, "cannot open");
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1339:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(errmess, "cannot write header of");
data/pd-cyclone-0.2~beta3/shared/common/os.c:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPDSTRING+2], *nameptr;
data/pd-cyclone-0.2~beta3/shared/common/os.c:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPDSTRING+2];
data/pd-cyclone-0.2~beta3/shared/common/patchvalue.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/common/port.c:951:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pd-cyclone-0.2~beta3/shared/common/port.c:954:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "port-%02d.pict", ++x->x_pictno);
data/pd-cyclone-0.2~beta3/shared/common/port.c:1342:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/pd-cyclone-0.2~beta3/shared/common/port.c:1580:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pd-cyclone-0.2~beta3/shared/common/port.c:1581:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "$%d", ap->a_w.w_index);
data/pd-cyclone-0.2~beta3/shared/common/port.c:1586:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pd-cyclone-0.2~beta3/shared/common/port.c:1608:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING], *bufp;
data/pd-cyclone-0.2~beta3/shared/common/props.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p_mixupescapes[PROPS_MAXMIXUPS];
data/pd-cyclone-0.2~beta3/shared/common/qtree.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/hammer/file.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pd-cyclone-0.2~beta3/shared/hammer/file.c:517:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "miXed.%lx", (unsigned long)result);
data/pd-cyclone-0.2~beta3/shared/hammer/file.c:527:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "miXed.%lx", (unsigned long)f);
data/pd-cyclone-0.2~beta3/shared/hammer/file.c:543:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pd-cyclone-0.2~beta3/shared/hammer/file.c:544:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "miXed.%lx", (unsigned long)result);
data/pd-cyclone-0.2~beta3/shared/hammer/tree.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/shared.h:129:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define sys_open open
data/pd-cyclone-0.2~beta3/shared/shared.h:130:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define sys_fopen fopen
data/pd-cyclone-0.2~beta3/shared/sickle/arsic.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/shared/unstable/fragile.c:62:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&auxmp, mp, sizeof(t_methodentry));
data/pd-cyclone-0.2~beta3/shared/unstable/fragile.c:63:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp, topmp, sizeof(t_methodentry));
data/pd-cyclone-0.2~beta3/shared/unstable/fragile.c:64:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(topmp, &auxmp, sizeof(t_methodentry));
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symname[MAXPDSTRING], filename[MAXPDSTRING], *lastdot;
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:78:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(symname + (strlen(symname) - 1), "_tilde");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:80:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(symname, "_setup");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirbuf[MAXPDSTRING], *nameptr;
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[MAXPDSTRING], *slash, *nameptr;
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[MAXPDSTRING], *name;
data/pd-cyclone-0.2~beta3/sickle/Scope.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_tag[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_fgtag[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_bgtag[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_gridtag[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h_pathname[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h_outlinetag[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:674:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[200 * SCOPE_GUICHUNKXY]; /* LATER estimate */
data/pd-cyclone-0.2~beta3/sickle/Scope.c:676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd1[64], cmd2[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:682:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd1, ".x%lx.c create line", (unsigned long)cv);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:769:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[32 * SCOPE_GUICHUNKMONO]; /* LATER estimate */
data/pd-cyclone-0.2~beta3/sickle/Scope.c:787:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(chunkp, "%d %d ", (int)xx, (int)yy);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:791:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(chunkp, "\\\n");
data/pd-cyclone-0.2~beta3/sickle/Scope.c:802:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(chunkp, "%d %d ", (int)xx, (int)yy);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:846:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sh->h_pathname, ".x%lx.h%lx", (unsigned long)cv, (unsigned long)sh);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1024:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1048:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_tag, "all%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1049:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_bgtag, "bg%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1050:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_gridtag, "gr%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1051:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_fgtag, "fg%lx", (unsigned long)x);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1062:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "_h%lx", (unsigned long)sh);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:1064:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sh->h_outlinetag, "h%lx", (unsigned long)sh);
data/pd-cyclone-0.2~beta3/sickle/buffir.c:58:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_histhi + pos - x->x_histsize,
data/pd-cyclone-0.2~beta3/sickle/buffir.c:81:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x->x_histhi + pos - x->x_histsize,
data/pd-cyclone-0.2~beta3/sickle/capture.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_format[8];
data/pd-cyclone-0.2~beta3/sickle/capture.c:55:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cnt += sprintf(bp, "%d", (int)f);
data/pd-cyclone-0.2~beta3/sickle/capture.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/sickle/capture.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-cyclone-0.2~beta3/sickle/capture.c:375:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x->x_format, "%%.%dg", precision);
data/pd-cyclone-0.2~beta3/hammer/Table.c:281:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, fn->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/Table.c:316:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, fn->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/coll.c:596:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, fn->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/coll.c:681:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, fn->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/coll.c:1475:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/pd-cyclone-0.2~beta3/hammer/comment.c:124:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:131:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:134:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:140:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:143:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:146:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:253:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/comment.c:257:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outp += strlen(outp);
data/pd-cyclone-0.2~beta3/hammer/fromsymbol.c:40:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
binbuf_text(bb, sname, strlen(sname));
data/pd-cyclone-0.2~beta3/hammer/mtr.c:487:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, fname->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/mtr.c:501:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (linelen = strlen(line))
data/pd-cyclone-0.2~beta3/hammer/mtr.c:579:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = 80 + strlen(ap->a_w.w_symbol->s_name);
data/pd-cyclone-0.2~beta3/hammer/mtr.c:607:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(bp);
data/pd-cyclone-0.2~beta3/hammer/mtr.c:635:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, fname->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1012:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, fn->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1037:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, fn->s_name, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1088:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/pd-cyclone-0.2~beta3/hammer/seq.c:1092:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += strlen(buf);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:107:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s->s_name) > SPRINTF_MAXWIDTH)
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:109:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, s->s_name, SPRINTF_MAXWIDTH);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:169:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(outp, inp, len);
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:186:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
binbuf_text(bb, outp, strlen(outp));
data/pd-cyclone-0.2~beta3/hammer/sprintf.c:323:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newsize = size + strlen(atomtext) + 1;
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:74:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bp, s->s_name, nleft);
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:75:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:86:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bp, sepstring, nleft);
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:87:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/pd-cyclone-0.2~beta3/hammer/tosymbol.c:94:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(bp);
data/pd-cyclone-0.2~beta3/shadow/dummies.c:137:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= 3 && *name == '$')
data/pd-cyclone-0.2~beta3/shadow/dummies.c:576:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(msg);
data/pd-cyclone-0.2~beta3/shadow/dummies.c:584:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = 1 + strlen(sl->s_name);
data/pd-cyclone-0.2~beta3/shared/common/binport.c:117:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(fp)) == EOF)
data/pd-cyclone-0.2~beta3/shared/common/binport.c:179:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (c = fgetc(fp))
data/pd-cyclone-0.2~beta3/shared/common/binport.c:215:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((typecode = fgetc(old->o_fp)) != EOF)
data/pd-cyclone-0.2~beta3/shared/common/binport.c:716:32: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(namebuf, dirname), strcat(namebuf, "/");
data/pd-cyclone-0.2~beta3/shared/common/binport.c:782:32: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(namebuf, dirname), strcat(namebuf, "/");
data/pd-cyclone-0.2~beta3/shared/common/lex.c:20:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ich = fgetc(lx->l_fp)) == EOF)
data/pd-cyclone-0.2~beta3/shared/common/lex.c:206:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, ";"); break;
data/pd-cyclone-0.2~beta3/shared/common/lex.c:208:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, ","); break;
data/pd-cyclone-0.2~beta3/shared/common/lex.c:211:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep = buf + strlen(buf) - 1;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:54:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ptr = buf + strlen(buf) - 2;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:86:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
post("%*s%s", (int)(x ? strlen(class_getname(*x)) + 10
data/pd-cyclone-0.2~beta3/shared/common/loud.c:87:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: strlen(LOUD_ERROR_DEFAULT) + 1), "", buf);
data/pd-cyclone-0.2~beta3/shared/common/loud.c:285:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lc->lc_cnsize = strlen(callername) + 1;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:300:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lc->lc_andindent = strlen(class_getname(*caller)) + 10;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:302:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lc->lc_andindent = strlen(s->s_name) + 10;
data/pd-cyclone-0.2~beta3/shared/common/loud.c:304:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lc->lc_andindent = strlen(LOUD_ERROR_DEFAULT) + 1;
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:306:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mifievent_setlength(ep, strlen(text) + 1))
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:384:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c = fgetc(mr->mr_fp)) == EOF)
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:543:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *slashpos = path + strlen(path);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:586:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, th.th_type, 4);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1317:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(mw->mw_header.h_type, "MThd", 4);
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1329:33: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fnamebuf, dirname), strcat(fnamebuf, "/");
data/pd-cyclone-0.2~beta3/shared/common/mifi.c:1400:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(th.th_type, "MTrk", 4);
data/pd-cyclone-0.2~beta3/shared/common/os.c:25:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(cwd));
data/pd-cyclone-0.2~beta3/shared/common/os.c:42:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(home) + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:42:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(home) + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:63:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (2 + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:71:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:85:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:92:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ndx = strlen(cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:97:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(cwd) + strlen(path) - 1);
data/pd-cyclone-0.2~beta3/shared/common/os.c:97:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(cwd) + strlen(path) - 1);
data/pd-cyclone-0.2~beta3/shared/common/os.c:108:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ndx = strlen(cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:113:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(cwd) + 1 + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:113:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(cwd) + 1 + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:119:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ndx = strlen(cwd);
data/pd-cyclone-0.2~beta3/shared/common/os.c:124:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(cwd) + 1 + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:124:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else return (strlen(cwd) + 1 + strlen(path));
data/pd-cyclone-0.2~beta3/shared/common/os.c:131:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ndx = strlen(result);
data/pd-cyclone-0.2~beta3/shared/common/os.c:214:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *slashpos = path + strlen(path);
data/pd-cyclone-0.2~beta3/shared/common/os.c:231:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, filename, MAXPDSTRING);
data/pd-cyclone-0.2~beta3/shared/common/props.c:63:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep->e_key = getbytes(strlen(key) + 1);
data/pd-cyclone-0.2~beta3/shared/common/props.c:65:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep->e_value = getbytes(strlen(value) + 1);
data/pd-cyclone-0.2~beta3/shared/common/props.c:73:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ep->e_key) freebytes(ep->e_key, strlen(ep->e_key) + 1);
data/pd-cyclone-0.2~beta3/shared/common/props.c:74:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ep->e_value) freebytes(ep->e_value, strlen(ep->e_value) + 1);
data/pd-cyclone-0.2~beta3/shared/common/props.c:94:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep->e_value = resizebytes(ep->e_value, strlen(ep->e_value) + 1,
data/pd-cyclone-0.2~beta3/shared/common/props.c:95:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value) + 1);
data/pd-cyclone-0.2~beta3/shared/common/props.c:97:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ep->e_value = getbytes(strlen(value) + 1);
data/pd-cyclone-0.2~beta3/shared/unstable/fragile.c:215:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ndx, len = strlen(msg);
data/pd-cyclone-0.2~beta3/shared/unstable/fragile.c:222:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = 1 + strlen(s->s_name);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:64:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(filename, "/");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:71:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(symname, "_");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:77:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (symname[strlen(symname) - 1] == '~')
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:78:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(symname + (strlen(symname) - 1), "_tilde");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:151:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dirname) + strlen(classname) + strlen(sys_dllextent) + 3 <
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:151:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dirname) + strlen(classname) + strlen(sys_dllextent) + 3 <
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:151:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dirname) + strlen(classname) + strlen(sys_dllextent) + 3 <
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:156:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*dirname && namebuf[strlen(namebuf)-1] != '/')
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:157:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(namebuf, "/");
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:183:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelen = strlen(name), extlen = strlen(sys_dllextent);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:183:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelen = strlen(name), extlen = strlen(sys_dllextent);
data/pd-cyclone-0.2~beta3/shared/unstable/loader.c:187:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(namebuf, name, namelen);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:704:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkp += strlen(chunkp);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:726:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkp += strlen(chunkp);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:788:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkp += strlen(chunkp);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:803:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkp += strlen(chunkp);
data/pd-cyclone-0.2~beta3/sickle/Scope.c:806:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(chunkp, "\n");
ANALYSIS SUMMARY:
Hits = 445
Lines analyzed = 42895 in approximately 1.04 seconds (41176 lines/second)
Physical Source Lines of Code (SLOC) = 37079
Hits@level = [0] 51 [1] 103 [2] 254 [3] 2 [4] 86 [5] 0
Hits@level+ = [0+] 496 [1+] 445 [2+] 342 [3+] 88 [4+] 86 [5+] 0
Hits/KSLOC@level+ = [0+] 13.3768 [1+] 12.0014 [2+] 9.22355 [3+] 2.37331 [4+] 2.31937 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.