Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pvm-3.4.6/xep/myalloc.h
Examining data/pvm-3.4.6/xep/hostc.c
Examining data/pvm-3.4.6/xep/calc.c
Examining data/pvm-3.4.6/xep/imp.c
Examining data/pvm-3.4.6/xep/hostc.h
Examining data/pvm-3.4.6/xep/mtile.c
Examining data/pvm-3.4.6/xep/xep.c
Examining data/pvm-3.4.6/xep/mmain.c
Examining data/pvm-3.4.6/xep/imp.h
Examining data/pvm-3.4.6/include/pvmtev.h
Examining data/pvm-3.4.6/include/fpvm3_watcom.h
Examining data/pvm-3.4.6/include/pvmproto.h
Examining data/pvm-3.4.6/include/pvm3.h
Examining data/pvm-3.4.6/include/fpvm3.h
Examining data/pvm-3.4.6/libfpvm/ftocstr.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfscatter.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetctx.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetsbuf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmffreebuf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/watforstr.h
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfunpack.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgettid.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfpsend.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfspawn.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsiblings.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfmstat.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfdelhost.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmflvgrp.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfpstat.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfstartpvmd.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfnewctx.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmftrecv.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfbufinfo.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfdelinfo.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfperror.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsetsbuf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsendsig.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfrecvinfo.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfbcast.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfpack.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfmytid.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsetrbuf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfprecv.c
Examining data/pvm-3.4.6/libfpvm/WIN32/ftocstr.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfconfig.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetopt.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfparent.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmftasks.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfexit.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetrbuf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfprobe.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmftidtoh.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetinst.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfmcast.c
Examining data/pvm-3.4.6/libfpvm/WIN32/pvm_consts.h
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfcatchout.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfrecv.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgather.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsetctx.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfbarrier.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsetopt.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfaddhost.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsleep.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfhostsync.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfhalt.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfnrecv.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmffrzgrp.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfjoingrp.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetinfo.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfinitsend.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfkill.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfsend.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfdelmhf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfreduce.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfarchcode.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfmkbuf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfaddmhf.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfnotify.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmffreectx.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfgsize.c
Examining data/pvm-3.4.6/libfpvm/WIN32/Pvmfputinfo.c
Examining data/pvm-3.4.6/libfpvm/pvm_consts.h
Examining data/pvm-3.4.6/console/job.h
Examining data/pvm-3.4.6/console/myalloc.h
Examining data/pvm-3.4.6/console/cmd.h
Examining data/pvm-3.4.6/console/trc.c
Examining data/pvm-3.4.6/console/job.c
Examining data/pvm-3.4.6/console/cmds.c
Examining data/pvm-3.4.6/console/cons.c
Examining data/pvm-3.4.6/gexamples/gs.c
Examining data/pvm-3.4.6/gexamples/tjl.c
Examining data/pvm-3.4.6/gexamples/ge.c
Examining data/pvm-3.4.6/gexamples/tnb.c
Examining data/pvm-3.4.6/gexamples/tjf.c
Examining data/pvm-3.4.6/gexamples/thb.c
Examining data/pvm-3.4.6/gexamples/gexamp.c
Examining data/pvm-3.4.6/gexamples/joinleave.c
Examining data/pvm-3.4.6/gexamples/tst.c
Examining data/pvm-3.4.6/gexamples/trsg.c
Examining data/pvm-3.4.6/tasker/tasker.c
Examining data/pvm-3.4.6/pvmgs/pvmgs_func.c
Examining data/pvm-3.4.6/pvmgs/pvm_gstat.c
Examining data/pvm-3.4.6/pvmgs/pvmgs_ds.h
Examining data/pvm-3.4.6/pvmgs/pvmgs_decl.h
Examining data/pvm-3.4.6/pvmgs/pvmgsu_aux.c
Examining data/pvm-3.4.6/pvmgs/pvmgroups.c
Examining data/pvm-3.4.6/pvmgs/pvmgs_core.c
Examining data/pvm-3.4.6/pvmgs/pvmgsd.h
Examining data/pvm-3.4.6/pvmgs/pvmgs_const.h
Examining data/pvm-3.4.6/pvmgs/pvmgs_mac.h
Examining data/pvm-3.4.6/pvmgs/pvmgsu_core.c
Examining data/pvm-3.4.6/src/host.h
Examining data/pvm-3.4.6/src/tev.c
Examining data/pvm-3.4.6/src/lpvmmimd.c
Examining data/pvm-3.4.6/src/listmac.h
Examining data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c
Examining data/pvm-3.4.6/src/pvmerr.c
Examining data/pvm-3.4.6/src/pkt.c
Examining data/pvm-3.4.6/src/mppchunk.c
Examining data/pvm-3.4.6/src/mppchunk.h
Examining data/pvm-3.4.6/src/pvmshmem.h
Examining data/pvm-3.4.6/src/pvmfrag.c
Examining data/pvm-3.4.6/src/pvmmimd.h
Examining data/pvm-3.4.6/src/pvmmagic.h
Examining data/pvm-3.4.6/src/lmsg.c
Examining data/pvm-3.4.6/src/OS2/src/deathapi.c
Examining data/pvm-3.4.6/src/OS2/src/ruserpas.c
Examining data/pvm-3.4.6/src/OS2/src/os2spawn.c
Examining data/pvm-3.4.6/src/OS2/src/rexec.c
Examining data/pvm-3.4.6/src/OS2/src/sthoster.c
Examining data/pvm-3.4.6/src/OS2/src/stdlog.c
Examining data/pvm-3.4.6/src/task.h
Examining data/pvm-3.4.6/src/waitc.h
Examining data/pvm-3.4.6/src/waitc.c
Examining data/pvm-3.4.6/src/pvmwin.h
Examining data/pvm-3.4.6/src/pvmshmem.c
Examining data/pvm-3.4.6/src/pvmalloc.c
Examining data/pvm-3.4.6/src/pvmdpack.c
Examining data/pvm-3.4.6/src/mppmsg.h
Examining data/pvm-3.4.6/src/lpvmmpp.c
Examining data/pvm-3.4.6/src/pvmshmmsg.c
Examining data/pvm-3.4.6/src/hoster.c
Examining data/pvm-3.4.6/src/msgbox.c
Examining data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c
Examining data/pvm-3.4.6/src/lpvmcat.c
Examining data/pvm-3.4.6/src/lpvmmisc.h
Examining data/pvm-3.4.6/src/pmsg.c
Examining data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c
Examining data/pvm-3.4.6/src/pvmalloc.h
Examining data/pvm-3.4.6/src/tvdefs.h
Examining data/pvm-3.4.6/src/patchlevel.h
Examining data/pvm-3.4.6/src/pvmdunix.c
Examining data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c
Examining data/pvm-3.4.6/src/lmsg.h
Examining data/pvm-3.4.6/src/regex/regex.h
Examining data/pvm-3.4.6/src/regex/pvmregex.c
Examining data/pvm-3.4.6/src/regex/regex.c
Examining data/pvm-3.4.6/src/lpvmpack.c
Examining data/pvm-3.4.6/src/pmsg.h
Examining data/pvm-3.4.6/src/pvmdshmem.c
Examining data/pvm-3.4.6/src/imalloc.c
Examining data/pvm-3.4.6/src/mppmsg.c
Examining data/pvm-3.4.6/src/pvmdtev.c
Examining data/pvm-3.4.6/src/bfunc.h
Examining data/pvm-3.4.6/src/tevmac.h
Examining data/pvm-3.4.6/src/task.c
Examining data/pvm-3.4.6/src/pvmshmmsg.h
Examining data/pvm-3.4.6/src/lpvmshmem.c
Examining data/pvm-3.4.6/src/msgbox.h
Examining data/pvm-3.4.6/src/lpvm.h
Examining data/pvm-3.4.6/src/lpvmglob.c
Examining data/pvm-3.4.6/src/global.c
Examining data/pvm-3.4.6/src/pvmdabuf.c
Examining data/pvm-3.4.6/src/pvmfrag.h
Examining data/pvm-3.4.6/src/pvmdmp.h
Examining data/pvm-3.4.6/src/pkt.h
Examining data/pvm-3.4.6/src/sdpro.c
Examining data/pvm-3.4.6/src/pvmwin.c
Examining data/pvm-3.4.6/src/PGON/pvmdmimd.c
Examining data/pvm-3.4.6/src/pvmlog.c
Examining data/pvm-3.4.6/src/nmdclass.c
Examining data/pvm-3.4.6/src/pvmdabuf.h
Examining data/pvm-3.4.6/src/lpvmgen.c
Examining data/pvm-3.4.6/src/pvmcruft.c
Examining data/pvm-3.4.6/src/global.h
Examining data/pvm-3.4.6/src/host.c
Examining data/pvm-3.4.6/src/pvmd.c
Examining data/pvm-3.4.6/src/lpvm.c
Examining data/pvm-3.4.6/src/tdpro.c
Examining data/pvm-3.4.6/src/ddpro.c
Examining data/pvm-3.4.6/rm/srm.c
Examining data/pvm-3.4.6/rm/srm.h
Examining data/pvm-3.4.6/shmd/sem.c
Examining data/pvm-3.4.6/shmd/shmdproto.h
Examining data/pvm-3.4.6/shmd/shmd.h
Examining data/pvm-3.4.6/shmd/tidinfo.c
Examining data/pvm-3.4.6/shmd/block.c
Examining data/pvm-3.4.6/shmd/sendrecv.c
Examining data/pvm-3.4.6/shmd/pvm_shmd.c
Examining data/pvm-3.4.6/shmd/pvm_shmd_stat.c
Examining data/pvm-3.4.6/examples/inherit1.c
Examining data/pvm-3.4.6/examples/inherita.c
Examining data/pvm-3.4.6/examples/inherit2.c
Examining data/pvm-3.4.6/examples/task0.c
Examining data/pvm-3.4.6/examples/ptest.c
Examining data/pvm-3.4.6/examples/starter.c
Examining data/pvm-3.4.6/examples/mhf_server.c
Examining data/pvm-3.4.6/examples/gexample.c
Examining data/pvm-3.4.6/examples/inherit3.c
Examining data/pvm-3.4.6/examples/timing_slave.c
Examining data/pvm-3.4.6/examples/hello.c
Examining data/pvm-3.4.6/examples/timing.c
Examining data/pvm-3.4.6/examples/rme.c
Examining data/pvm-3.4.6/examples/slave1.c
Examining data/pvm-3.4.6/examples/mbox.c
Examining data/pvm-3.4.6/examples/bwtest.c
Examining data/pvm-3.4.6/examples/hello_other.c
Examining data/pvm-3.4.6/examples/spmd.c
Examining data/pvm-3.4.6/examples/taskf.c
Examining data/pvm-3.4.6/examples/lmbi.c
Examining data/pvm-3.4.6/examples/gmbi.c
Examining data/pvm-3.4.6/examples/task_end.c
Examining data/pvm-3.4.6/examples/mhf_tickle.c
Examining data/pvm-3.4.6/examples/inheritb.c
Examining data/pvm-3.4.6/examples/task1.c
Examining data/pvm-3.4.6/examples/master1.c
Examining data/pvm-3.4.6/xdr/xdr.h
Examining data/pvm-3.4.6/xdr/types.h
Examining data/pvm-3.4.6/xdr/xdr_floa.c
Examining data/pvm-3.4.6/xdr/xdr.c
Examining data/pvm-3.4.6/xdr/xdr_mem.c
Examining data/pvm-3.4.6/tracer/trcfile.c
Examining data/pvm-3.4.6/tracer/tracer.h
Examining data/pvm-3.4.6/tracer/trcproto.h
Examining data/pvm-3.4.6/tracer/trccompatrev.h
Examining data/pvm-3.4.6/tracer/trcdef.h
Examining data/pvm-3.4.6/tracer/trccompat.c
Examining data/pvm-3.4.6/tracer/trccompat.h
Examining data/pvm-3.4.6/tracer/trclib.c
Examining data/pvm-3.4.6/tracer/trcglob.h
Examining data/pvm-3.4.6/tracer/trcmess.c
Examining data/pvm-3.4.6/tracer/trccompatglob.c
Examining data/pvm-3.4.6/tracer/trcsort.c
Examining data/pvm-3.4.6/tracer/trcglob.c
Examining data/pvm-3.4.6/tracer/cmd.c
Examining data/pvm-3.4.6/tracer/trctype.h
Examining data/pvm-3.4.6/tracer/tracer.c
Examining data/pvm-3.4.6/tracer/trclib.h
Examining data/pvm-3.4.6/tracer/trcutil.c
Examining data/pvm-3.4.6/hoster/hoster.c
Examining data/pvm-3.4.6/hoster/pvmwinrexec.c
Examining data/pvm-3.4.6/hoster/pvmwinrsh.c
Examining data/pvm-3.4.6/misc/xhoster/myalloc.h
Examining data/pvm-3.4.6/misc/xhoster/hostc.c
Examining data/pvm-3.4.6/misc/xhoster/hostc.h
Examining data/pvm-3.4.6/misc/xhoster/xhoster.c
Examining data/pvm-3.4.6/misc/pvm_fork.c
FINAL RESULTS:
data/pvm-3.4.6/src/pvmd.c:4212:7: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
SetSecurityDescriptorDacl(&SecDescript,TRUE,NULL,FALSE);
data/pvm-3.4.6/src/pvmd.c:4212:7: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
SetSecurityDescriptorDacl(&SecDescript,TRUE,NULL,FALSE);
data/pvm-3.4.6/console/cmds.c:721:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( user, pw->pw_name );
data/pvm-3.4.6/console/cmds.c:725:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( user, MyGetUserName() );
data/pvm-3.4.6/console/cmds.c:757:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tcmd, pvmgetrsh() );
data/pvm-3.4.6/console/cmds.c:928:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pvmroot, result );
data/pvm-3.4.6/console/cmds.c:947:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s/lib/pvmd", pvmroot );
data/pvm-3.4.6/console/cmds.c:980:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pvmarch, result );
data/pvm-3.4.6/console/cmds.c:1011:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pvmarch, result );
data/pvm-3.4.6/console/cmds.c:1027:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "\\ls $PVM_ROOT/lib/%s/pvmd3", pvmarch );
data/pvm-3.4.6/console/cmds.c:1029:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "dir /B /L %%PVM_ROOT%%\\lib\\%s\\pvmd3.exe",
data/pvm-3.4.6/console/cmds.c:1038:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s/lib/%s/pvmd3", pvmroot, pvmarch );
data/pvm-3.4.6/console/cmds.c:1069:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pvmtmp, result );
data/pvm-3.4.6/console/cmds.c:1092:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "\\ls -l %s/pvmd.* | grep %s",
data/pvm-3.4.6/console/cmds.c:1096:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "dir /B /L %s\\pvmd.%s",
data/pvm-3.4.6/console/cmds.c:1189:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tcmd, "%s ", pvmgetrsh() );
data/pvm-3.4.6/console/cmds.c:1192:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "-l %s ", hp->hd_login );
data/pvm-3.4.6/console/cmds.c:1193:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tcmd, tmp );
data/pvm-3.4.6/console/cmds.c:1196:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s '%s' ", hp->hd_name, cmd );
data/pvm-3.4.6/console/cmds.c:1197:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tcmd, tmp );
data/pvm-3.4.6/console/cmds.c:1201:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( tcmd, tmp );
data/pvm-3.4.6/console/cmds.c:1206:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen( tcmd, "r" );
data/pvm-3.4.6/console/cmds.c:2034:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, av[1]);
data/pvm-3.4.6/console/cmds.c:2038:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, sep);
data/pvm-3.4.6/console/cmds.c:2039:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, av[i]);
data/pvm-3.4.6/console/cmds.c:2362:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, tflgs[i]);
data/pvm-3.4.6/console/cmds.c:2638:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, av[i] + 4);
data/pvm-3.4.6/console/cmds.c:2640:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, av[i]);
data/pvm-3.4.6/console/cons.c:423:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s/.pvmrc", p);
data/pvm-3.4.6/console/myalloc.h:77:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/examples/gmbi.c:99:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pattern, argv[1] ); /* copy expression to local */
data/pvm-3.4.6/examples/inherit1.c:63:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/examples/inherit1.c:83:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf,
data/pvm-3.4.6/examples/inherit1.c:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s: t%x %s\n", me, tid, buf2 );
data/pvm-3.4.6/examples/inherit1.c:105:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/examples/inherit1.c:113:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf,
data/pvm-3.4.6/examples/inherit2.c:62:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "\t%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/examples/inherit3.c:62:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/examples/inherit3.c:73:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/examples/inherit3.c:96:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf,
data/pvm-3.4.6/examples/inherit3.c:115:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s: t%x %s\n", me, tid, buf2 );
data/pvm-3.4.6/examples/inherit3.c:124:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/examples/inherit3.c:132:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf,
data/pvm-3.4.6/examples/lmbi.c:117:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( flagc, argv[2] ); /* copy flags to local */
data/pvm-3.4.6/examples/lmbi.c:170:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( service_name, "t%x%s%d", mytid, me, i );
data/pvm-3.4.6/examples/lmbi.c:171:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( message,
data/pvm-3.4.6/examples/mbox.c:245:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( CLASS_NAME, MBOX_CLASS );
data/pvm-3.4.6/examples/mbox.c:299:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( CLASS_NAME, arg + 5 );
data/pvm-3.4.6/examples/mbox.c:523:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( pattern, cmds[1] );
data/pvm-3.4.6/examples/mhf_server.c:395:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: PMH: %s", me, msg_txt );
data/pvm-3.4.6/examples/mhf_server.c:409:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg,
data/pvm-3.4.6/examples/mhf_server.c:460:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg,
data/pvm-3.4.6/examples/mhf_server.c:470:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: DMH: BEFORE delete with pvm_delmhf( mhid = %d )", me, mhid );
data/pvm-3.4.6/examples/mhf_server.c:474:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg,"%s: pvm_delmhf failed - no such handler existed.", me );
data/pvm-3.4.6/examples/mhf_server.c:478:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: DMH: AFTER delete with pvm_delmhf( mhid = %d )", me, mhid );
data/pvm-3.4.6/examples/mhf_server.c:484:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: ERJ: BEFORE pvm_exit( )", me );
data/pvm-3.4.6/examples/mhf_server.c:496:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: ERJ: AFTER pvm_exit( )", me );
data/pvm-3.4.6/examples/mhf_server.c:510:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: ERJ: rejoin pvm AFTER pvm_exit( )", me );
data/pvm-3.4.6/examples/mhf_server.c:553:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: HIT:", me );
data/pvm-3.4.6/examples/mhf_server.c:565:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "%s: CEAT: Termiate Self...", me );
data/pvm-3.4.6/examples/starter.c:76:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prog_name, argv[0]);
data/pvm-3.4.6/examples/task0.c:103:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( flagc, argv[2] ); /* copy flags to local */
data/pvm-3.4.6/examples/task1.c:108:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( flagc, argv[3] ); /* copy flags to local */
data/pvm-3.4.6/examples/task1.c:204:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg_txt, "\t%s t%x on machine <%s> with context %d.",
data/pvm-3.4.6/hoster/hoster.c:94:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/hoster/hoster.c:926:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/hoster/pvmwinrexec.c:134:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retresult,res);
data/pvm-3.4.6/hoster/pvmwinrexec.c:236:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(res,"stdout@%s: %s\n",hn,buf);
data/pvm-3.4.6/hoster/pvmwinrsh.c:114:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff,b);
data/pvm-3.4.6/hoster/pvmwinrsh.c:118:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(res,"stdout@%s: %s\n",hostname,buff);
data/pvm-3.4.6/hoster/pvmwinrsh.c:234:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdbuff+cmdbufflen, luserName); // locuser
data/pvm-3.4.6/hoster/pvmwinrsh.c:237:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdbuff+cmdbufflen, ruserName); // remuser
data/pvm-3.4.6/hoster/pvmwinrsh.c:240:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdbuff+cmdbufflen, cmd); // command
data/pvm-3.4.6/hoster/pvmwinrsh.c:330:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ruserName,username);
data/pvm-3.4.6/hoster/pvmwinrsh.c:331:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(luserName,(char *)MyGetUserName());
data/pvm-3.4.6/hoster/pvmwinrsh.c:343:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retresult,res);
data/pvm-3.4.6/misc/xhoster/myalloc.h:66:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/misc/xhoster/xhoster.c:58:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/misc/xhoster/xhoster.c:218:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "Host %s deleted\n", hp->name);
data/pvm-3.4.6/misc/xhoster/xhoster.c:588:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "%2d. %s\n", i + 1, hp->h_login);
data/pvm-3.4.6/misc/xhoster/xhoster.c:632:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Enter password for %s:\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:808:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "Giving up on host %s after %d secs\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:884:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stderr@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:895:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stderr@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:903:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stderr@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:927:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stdout@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:935:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stdout@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:947:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stdout@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:955:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stdout@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:961:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stdout@%s",
data/pvm-3.4.6/misc/xhoster/xhoster.c:965:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stdout@%s: EOF\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:971:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "stderr@%s: %s\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:1025:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "Can't start %s, manual startup specified\n",
data/pvm-3.4.6/misc/xhoster/xhoster.c:1109:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/misc/xhoster/xhoster.c:1136:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scribble, "Permission denied for %s\n", hn);
data/pvm-3.4.6/pvmgs/pvmgs_func.c:147:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rvalue->name,groupname);
data/pvm-3.4.6/rm/srm.c:242:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_buf, "PVMTMASK=%s", pvmctrc.tmask);
data/pvm-3.4.6/shmd/pvm_shmd.c:477:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (fullname, hname);
data/pvm-3.4.6/shmd/pvm_shmd_stat.c:32:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (shmdname, hname);
data/pvm-3.4.6/shmd/sendrecv.c:535:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (shmdname, hname);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:278:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:287:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:293:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,"LOADLBATCH=%s - not set to yes\n",hfn);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:311:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defaultpool,hfn);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:316:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() fopen %s\n", hfn);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:321:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(hfp, "%s", nname) != EOF)
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:327:4: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(hfp, "%s", nname);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:339:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mpiadapter,MPIOPARG3); /* IP over switch */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:371:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() open %s", nodefile);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:376:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() fdopen %s", nodefile);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:381:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() POE host file: %s\n", nodefile);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:573:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, *ep);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:582:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() stat failed <%s>\n", path);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:635:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "%s.host", name);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:696:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() didn't find <%s>\n", name);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:730:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s", nname);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:745:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:900:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PVMSOCK=%s", p);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:927:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sockconn() accept from %s sock %d\n",
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:276:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:285:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:291:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,"LOADLBATCH=%s - not set to yes\n",hfn);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:309:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defaultpool,hfn);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:314:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() fopen %s\n", hfn);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:319:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(hfp, "%s", nname) != EOF)
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:325:4: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(hfp, "%s", nname);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:337:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mpiadapter,MPIOPARG3); /* IP over switch */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:368:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() open %s", nodefile);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:373:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() fdopen %s", nodefile);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:378:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() POE host file: %s\n", nodefile);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:570:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, *ep);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:579:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() stat failed <%s>\n", path);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:632:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "%s.host", name);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:693:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() didn't find <%s>\n", name);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:727:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s", nname);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:742:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:897:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PVMSOCK=%s", p);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:924:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sockconn() accept from %s sock %d\n",
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:197:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:238:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( pvmtxt, "mpp_init() can't gethostbyname() for %s\n",
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:517:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, *ep);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:526:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() stat failed <%s>\n", path);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:566:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mppload(): Forking to %s\n", av[1]);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:574:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "%s.host", name);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:637:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() didn't find <%s>\n", name);
data/pvm-3.4.6/src/OS2/src/os2spawn.c:10:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"%s%i",idstr,0);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:57:12: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
*aname = getlogin();
data/pvm-3.4.6/src/OS2/src/ruserpas.c:80:12: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
*apass = getpass("");
data/pvm-3.4.6/src/OS2/src/ruserpas.c:106:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, comma);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:177:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf, "%s/.netrc", hdir);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:208:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*aname, tokval);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:225:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*apass, tokval);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:332:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldbuf,key);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:336:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result,nbs8encrypt(buf,oldbuf));
data/pvm-3.4.6/src/OS2/src/ruserpas.c:338:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldbuf,buf);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:353:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldbuf,key);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:358:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldbuf,nbs8decrypt(cpt,oldbuf));
data/pvm-3.4.6/src/OS2/src/ruserpas.c:359:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result,oldbuf);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:837:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sttyname,ttyname(2));
data/pvm-3.4.6/src/OS2/src/ruserpas.c:839:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sttyname,ttyname(0));
data/pvm-3.4.6/src/OS2/src/ruserpas.c:841:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sttyname,ttyname(1));
data/pvm-3.4.6/src/OS2/src/stdlog.c:10:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, argptr);
data/pvm-3.4.6/src/OS2/src/sthoster.c:122:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hosterpath,(char*)pvmgetroot());
data/pvm-3.4.6/src/PGON/pvmdmimd.c:600:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, *ep); /* search for file */
data/pvm-3.4.6/src/PGON/pvmdmimd.c:613:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(etext, "mpp_load() stat failed <%s>\n", path);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:651:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(etext, "mpp_load() loaded only %d <%s>\n", err, path);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:766:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(etext, "mpp_load() didn't find <%s>\n", name);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:1077:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(etext,
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:279:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:288:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:294:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,"LOADLBATCH=%s - not set to yes\n",hfn);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:312:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(defaultpool,hfn);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:317:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() fopen %s\n", hfn);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:322:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(hfp, "%s", nname) != EOF)
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:328:4: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(hfp, "%s", nname);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:340:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mpiadapter,MPIOPARG3); /* IP over switch */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:371:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() open %s", nodefile);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:376:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() fdopen %s", nodefile);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:381:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sp2hostfile() POE host file: %s\n", nodefile);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:573:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, *ep);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:582:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() stat failed <%s>\n", path);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:635:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(c, "%s.host", name);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:696:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "mpp_load() didn't find <%s>\n", name);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:730:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(fp, "%s", nname);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:745:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:900:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PVMSOCK=%s", p);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:927:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "sockconn() accept from %s sock %d\n",
data/pvm-3.4.6/src/ddpro.c:1046:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s@%s", hp->hd_login,
data/pvm-3.4.6/src/ddpro.c:1063:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf, "%s %s -d0x%x -n%s %d %s %d",
data/pvm-3.4.6/src/ddpro.c:1073:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf + strlen(buf), " %d %s",
data/pvm-3.4.6/src/ddpro.c:1088:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf, "%s %s -d0x%x -n%s %d %s %d",
data/pvm-3.4.6/src/ddpro.c:1098:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf + strlen(buf), " %d %s",
data/pvm-3.4.6/src/ddpro.c:1197:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(hosterpath,(char *) pvmgetroot());
data/pvm-3.4.6/src/ddpro.c:1491:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "PVMTMASK=%s", pvmtracer.tmask );
data/pvm-3.4.6/src/ddpro.c:2021:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(s, "%x %d %d %x %d %d %d %d %s",
data/pvm-3.4.6/src/ddpro.c:2236:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%x %d %d %x %d %d %d %d %s",
data/pvm-3.4.6/src/hoster.c:921:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/src/imalloc.c:508:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msbuf, "%s %d bytes total/%d globs free\n",
data/pvm-3.4.6/src/imalloc.c:512:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msbuf, "%s %d bytes total\n", DUMPHDR, totlnbyts);
data/pvm-3.4.6/src/imalloc.c:542:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msbuf, "%5d%c%4s 0x%08lx[%4d]",
data/pvm-3.4.6/src/lpvm.c:1249:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uns.sun_path, spath);
data/pvm-3.4.6/src/lpvm.c:1414:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uns.sun_path, buf);
data/pvm-3.4.6/src/lpvm.c:2465:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uns.sun_path, spath);
data/pvm-3.4.6/src/lpvm.c:2897:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uns.sun_path, p);
data/pvm-3.4.6/src/lpvm.c:3591:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn,(char *) pvmgetroot());
data/pvm-3.4.6/src/lpvm.c:3592:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fn,(char *) pathending);
data/pvm-3.4.6/src/lpvm.c:3608:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd,av[i]);
data/pvm-3.4.6/src/lpvm.c:3687:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/src/lpvmgen.c:830:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
cc = vfprintf(stderr, fmt, ap);
data/pvm-3.4.6/src/lpvmgen.c:3208:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PVMTMASK=%s", pvmctrc.tmask);
data/pvm-3.4.6/src/lpvmgen.c:4812:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, vn);
data/pvm-3.4.6/src/lpvmgen.c:4814:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, e);
data/pvm-3.4.6/src/lpvmgen.c:4817:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p, name);
data/pvm-3.4.6/src/lpvmgen.c:4822:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(e, vn);
data/pvm-3.4.6/src/lpvmgen.c:4824:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(e, name);
data/pvm-3.4.6/src/lpvmgen.c:4864:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(enew, vn);
data/pvm-3.4.6/src/lpvmgen.c:4867:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(enew, q);
data/pvm-3.4.6/src/lpvmshmem.c:1273:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "peer_send() dst t%x tag %s ctx %d\n",
data/pvm-3.4.6/src/lpvmshmem.c:1389:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "msendrecv() to t%x tag %s\n", other,
data/pvm-3.4.6/src/lpvmshmem.c:1415:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "msendrecv() from t%x tag %s\n",
data/pvm-3.4.6/src/lpvmshmem.c:1540:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/pvmt.%d.%d", pvmtmp, pvm_useruid, scid);
data/pvm-3.4.6/src/lpvmshmem.c:1543:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/pvmt.%d", pvmtmp, pvm_useruid);
data/pvm-3.4.6/src/lpvmshmem.c:2167:4: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(av[0], av);
data/pvm-3.4.6/src/lpvmshmem.c:2379:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname, PVMSHMFILE, pvmtmp, tid);
data/pvm-3.4.6/src/nmdclass.c:276:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "<%s>\n", np->nc_name);
data/pvm-3.4.6/src/pvmalloc.h:78:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/src/pvmcruft.c:760:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s/pvmtmp%06d.%d", pvmtmp, getpid(), n);
data/pvm-3.4.6/src/pvmcruft.c:762:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\\pvmtmp%06d.%d", pvmtmp, getpid(), n);
data/pvm-3.4.6/src/pvmcruft.c:833:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(r, "%s%02x",
data/pvm-3.4.6/src/pvmcruft.c:1014:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pp, "%s/%s", r, PVMDFILE);
data/pvm-3.4.6/src/pvmcruft.c:1053:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, TDSOCKNAME_CSPP,
data/pvm-3.4.6/src/pvmcruft.c:1057:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, TDSOCKNAME, pvmtmp, pvm_useruid, hna);
data/pvm-3.4.6/src/pvmcruft.c:1063:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, TDSOCKNAME_CSPP, pvmtmp, pvm_useruid, scid);
data/pvm-3.4.6/src/pvmcruft.c:1067:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( buf, "%s\\pvmd.%s", pvmtmp, username );
data/pvm-3.4.6/src/pvmcruft.c:1069:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, TDSOCKNAME, pvmtmp, pvm_useruid);
data/pvm-3.4.6/src/pvmcruft.c:1077:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( buf, p );
data/pvm-3.4.6/src/pvmcruft.c:1305:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, dflgs[i]);
data/pvm-3.4.6/src/pvmd.c:1022:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PVM_ARCH=%s", myarchname);
data/pvm-3.4.6/src/pvmd.c:1061:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(username,argv[i]);
data/pvm-3.4.6/src/pvmd.c:1064:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (strcmp(strcat("-u",username),argv[i])) {
data/pvm-3.4.6/src/pvmd.c:1343:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, ffnames[i]);
data/pvm-3.4.6/src/pvmd.c:3906:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, *ep);
data/pvm-3.4.6/src/pvmd.c:3909:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(path, name);
data/pvm-3.4.6/src/pvmd.c:4040:6: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(argv[0], argv);
data/pvm-3.4.6/src/pvmd.c:4047:9: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(path,argv);
data/pvm-3.4.6/src/pvmd.c:4055:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,*ep);
data/pvm-3.4.6/src/pvmd.c:4107:6: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(path, argv);
data/pvm-3.4.6/src/pvmd.c:4290:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,name); /* store the filename */
data/pvm-3.4.6/src/pvmd.c:4297:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(path, *ep);
data/pvm-3.4.6/src/pvmd.c:4328:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fixedargv,argv[0]);
data/pvm-3.4.6/src/pvmd.c:4331:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fixedargv,argv[i]);
data/pvm-3.4.6/src/pvmd.c:4435:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(n,appendix);
data/pvm-3.4.6/src/pvmd.c:4436:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
} else strcat(n,appendix);
data/pvm-3.4.6/src/pvmd.c:4831:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errortxt,
data/pvm-3.4.6/src/pvmd.c:5067:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uns.sun_path, spath);
data/pvm-3.4.6/src/pvmd.c:5178:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "PVMSOCK=%s", p);
data/pvm-3.4.6/src/pvmdshmem.c:380:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/pvmt.%d.%d", pvmtmp, pvm_useruid, scid);
data/pvm-3.4.6/src/pvmdshmem.c:383:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/pvmt.%d", pvmtmp, pvm_useruid);
data/pvm-3.4.6/src/pvmdshmem.c:921:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "%4d pid %d tid %x ptid %x stat %s key 0x%x",
data/pvm-3.4.6/src/pvmdunix.c:194:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename,wxp->w_argv[0]);
data/pvm-3.4.6/src/pvmdunix.c:203:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wxp->w_argv[0],filename);
data/pvm-3.4.6/src/pvmlog.c:318:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, PVMDLOGFILE_CSPP,
data/pvm-3.4.6/src/pvmlog.c:322:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, PVMDLOGFILE, pvmtmp, pvm_useruid, hna);
data/pvm-3.4.6/src/pvmlog.c:327:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, PVMDLOGFILE_CSPP,
data/pvm-3.4.6/src/pvmlog.c:332:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)sprintf(buf, PVMDLOGFILE, pvmtmp, pvm_useruid);
data/pvm-3.4.6/src/pvmlog.c:334:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf, "%s\\pvml.%s", pvmtmp, username);
data/pvm-3.4.6/src/pvmlog.c:341:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( buf, p );
data/pvm-3.4.6/src/pvmlog.c:390:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
cc = vsnprintf(vtmp, sizeof(vtmp), fmt, ap);
data/pvm-3.4.6/src/pvmshmem.c:742:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,"init_lock(): init %#x from %s line %d\n", vp,f,l);
data/pvm-3.4.6/src/pvmshmem.c:759:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,"acquire_lock(): polling %#x from %s line %d\n", ip,f,l);
data/pvm-3.4.6/src/pvmshmem.c:788:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt,"release_lock(): releasing %#x from %s line %d\n", vp,f,l);
data/pvm-3.4.6/src/pvmshmem.c:835:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pvmtxt, "Shared memory touching: %s\n",
data/pvm-3.4.6/src/pvmwin.c:93:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(give_back,(char *)value);
data/pvm-3.4.6/src/regex/regex.c:471:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT1(x) if (debug) printf (x)
data/pvm-3.4.6/src/regex/regex.c:472:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT2(x1, x2) if (debug) printf (x1, x2)
data/pvm-3.4.6/src/regex/regex.c:473:45: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT3(x1, x2, x3) if (debug) printf (x1, x2, x3)
data/pvm-3.4.6/src/regex/regex.c:474:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT4(x1, x2, x3, x4) if (debug) printf (x1, x2, x3, x4)
data/pvm-3.4.6/src/regex/regex.c:4915:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (errbuf, msg);
data/pvm-3.4.6/src/task.c:840:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%x %d %d %x %d %d %d %d %s",
data/pvm-3.4.6/src/tdpro.c:1158:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( wdenv, "PVMSPAWNWD=%s", wd );
data/pvm-3.4.6/src/tdpro.c:2501:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%x %d %d %x %d %d %d %d %s",
data/pvm-3.4.6/tasker/tasker.c:85:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/tasker/tasker.c:458:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(path, argv);
data/pvm-3.4.6/tracer/cmd.c:129:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( name, av[i] + 4 );
data/pvm-3.4.6/tracer/cmd.c:132:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( name, av[i] );
data/pvm-3.4.6/tracer/tracer.c:487:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s/tracefile.%s", pvmtmp, pw->pw_name );
data/pvm-3.4.6/tracer/tracer.c:493:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s\\tracefile.%s", pvmtmp, username );
data/pvm-3.4.6/tracer/tracer.c:497:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "%s/tracefile.%d", pvmtmp, getpid() );
data/pvm-3.4.6/tracer/trccompat.c:230:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "Task TID=0x%x Connected to %s",
data/pvm-3.4.6/tracer/trccompat.c:265:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "Task TID=0x%x Connected to %s",
data/pvm-3.4.6/tracer/trccompat.c:773:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( H->refname, "%s", tmp );
data/pvm-3.4.6/tracer/trccompat.c:846:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( result, "%s", trc_old_tev_formats[ eid ].name );
data/pvm-3.4.6/tracer/trccompat.c:849:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( result, "%s() ", trc_old_tev_formats[ eid ].name );
data/pvm-3.4.6/tracer/trccompat.c:929:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, " (%s)",
data/pvm-3.4.6/tracer/trccompat.c:955:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, " %d (%s)", ival,
data/pvm-3.4.6/tracer/trccompat.c:990:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, " \"%s\"", buf );
data/pvm-3.4.6/tracer/trccompat.c:1029:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( result, "%s()", trc_old_tev_formats[ eid ].name );
data/pvm-3.4.6/tracer/trcfile.c:314:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( ID->trace_out, /* ( */ ")\"\n" );
data/pvm-3.4.6/tracer/trcfile.c:694:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg,
data/pvm-3.4.6/tracer/trcfile.c:877:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "Ignoring Task \"%s\"\n",
data/pvm-3.4.6/tracer/trcfile.c:1207:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg,
data/pvm-3.4.6/tracer/trcfile.c:1397:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg,
data/pvm-3.4.6/tracer/trcfile.c:1924:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tmp, TT->output );
data/pvm-3.4.6/tracer/trcfile.c:2149:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf( H->refname, "%s", tmp );
data/pvm-3.4.6/tracer/trcmess.c:894:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "Task TID=0x%x Connected to %s",
data/pvm-3.4.6/tracer/trcmess.c:929:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( msg, "Task TID=0x%x Connected to %s",
data/pvm-3.4.6/tracer/trcsort.c:781:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( fname, "%s/tmp.%x.%d", DIRNAME, tid, index );
data/pvm-3.4.6/tracer/trcsort.c:784:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( fname, "%s/tmp.%x", DIRNAME, tid );
data/pvm-3.4.6/tracer/trcutil.c:446:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf( fmt, (b ? '*' : ' '), pvmtevinfo[x].name,
data/pvm-3.4.6/tracer/trcutil.c:1232:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( event_str, "%s(%d.%d) @ %d.%s",
data/pvm-3.4.6/tracer/trcutil.c:1238:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( event_str, "%s(%d) @ %d.%s",
data/pvm-3.4.6/tracer/trcutil.c:1291:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "{%s}", (char *) trptr->value );
data/pvm-3.4.6/tracer/trcutil.c:1522:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "{%s}, ",
data/pvm-3.4.6/tracer/trcutil.c:1529:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( tmp, "{%s}",
data/pvm-3.4.6/tracer/trcutil.c:2944:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( result, str );
data/pvm-3.4.6/tracer/trcutil.c:3045:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( tmp, str );
data/pvm-3.4.6/xep/myalloc.h:68:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/console/cmds.c:333:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/console/cmds.c:2024:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv(av[1]))
data/pvm-3.4.6/console/cmds.c:2735:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("PVM_EXPORT");
data/pvm-3.4.6/console/cons.c:249:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/console/cons.c:343:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cygwin_env = getenv("CYGWIN");
data/pvm-3.4.6/console/cons.c:345:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cygwin_env = getenv("CYGWIN32");
data/pvm-3.4.6/console/cons.c:421:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("HOME")))
data/pvm-3.4.6/examples/starter.c:60:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "n:")) != EOF) {
data/pvm-3.4.6/include/fpvm3.h:134:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c setopt/getopt options for 'what'
data/pvm-3.4.6/include/pvm3.h:567:26: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
#define PVMTMPNAMFUN(x) tmpnam(x)
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:232:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:275:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("LOADLBATCH"))) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:277:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("LOADL_PROCESSOR_LIST"))) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:297:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((hfn = getenv("MP_PROCS"))) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:304:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_RMPOOL"))) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:313:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((hfn = getenv("MP_HOSTFILE")))
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:337:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_EUILIB"))) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:727:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_HOSTFILE")) || stat(hfn = "host.list", &sb) != -1) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:230:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:273:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("LOADLBATCH"))) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:275:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("LOADL_PROCESSOR_LIST"))) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:295:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((hfn = getenv("MP_PROCS"))) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:302:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_RMPOOL"))) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:311:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((hfn = getenv("MP_HOSTFILE")))
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:335:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_EUILIB"))) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:724:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_HOSTFILE")) || stat(hfn = "host.list", &sb) != -1) {
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:147:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:195:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((plist = getenv("PROC_LIST")))
data/pvm-3.4.6/src/OS2/src/os2spawn.c:13:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (debugger) { *d = getenv("PVM_DEBUGGER");
data/pvm-3.4.6/src/OS2/src/ruserpas.c:174:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
hdir = getenv("HOME");
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:233:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:276:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("LOADLBATCH"))) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:278:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("LOADL_PROCESSOR_LIST"))) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:298:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((hfn = getenv("MP_PROCS"))) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:305:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_RMPOOL"))) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:314:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if ((hfn = getenv("MP_HOSTFILE")))
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:338:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_EUILIB"))) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:727:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((hfn = getenv("MP_HOSTFILE")) || stat(hfn = "host.list", &sb) != -1) {
data/pvm-3.4.6/src/ddpro.c:445:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/ddpro.c:1030:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(pvmdpath = getenv("PVM_DPATH")))
data/pvm-3.4.6/src/ddpro.c:1032:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(winpvmdpath = getenv("PVM_WINDPATH")))
data/pvm-3.4.6/src/ddpro.c:1111:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (vmid = getenv("PVM_VMID"))
data/pvm-3.4.6/src/lpvm.c:685:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/lpvm.c:2825:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMSOCK"))) {
data/pvm-3.4.6/src/lpvm.c:3063:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMEPID"))
data/pvm-3.4.6/src/lpvm.c:3082:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMTASKDEBUG")) {
data/pvm-3.4.6/src/lpvm.c:3251:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMCTX"))
data/pvm-3.4.6/src/lpvm.c:3260:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (p = getenv("PVMTMASK")) ) {
data/pvm-3.4.6/src/lpvm.c:3274:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVMTRCBUF")))
data/pvm-3.4.6/src/lpvm.c:3285:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVMTRCOPT")))
data/pvm-3.4.6/src/lpvmgen.c:684:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/lpvmgen.c:3110:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVM_EXPORT")) {
data/pvm-3.4.6/src/lpvmgen.c:3123:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (q = getenv(buf)) {
data/pvm-3.4.6/src/lpvmgen.c:3161:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMTASK"))
data/pvm-3.4.6/src/lpvmgen.c:4798:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (e = getenv(vn)) {
data/pvm-3.4.6/src/lpvmgen.c:4849:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (e = getenv(vn)) {
data/pvm-3.4.6/src/lpvmmimd.c:298:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/lpvmmimd.c:1236:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMSOCK"))) {
data/pvm-3.4.6/src/lpvmmimd.c:1266:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMEPID"))) {
data/pvm-3.4.6/src/lpvmmimd.c:1327:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMTASKDEBUG")) { /* read the debug mask */
data/pvm-3.4.6/src/lpvmmimd.c:1368:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMBUFSIZE")) || !(msgbufsiz = strtol(p, (char**)0, 0)))
data/pvm-3.4.6/src/lpvmmimd.c:1466:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMCTX"))
data/pvm-3.4.6/src/lpvmmimd.c:1471:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (p = getenv("PVMTMASK")) ) {
data/pvm-3.4.6/src/lpvmmimd.c:1485:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVMTRCBUF")))
data/pvm-3.4.6/src/lpvmmimd.c:1496:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVMTRCOPT")))
data/pvm-3.4.6/src/lpvmmpp.c:111:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char * getenv();
data/pvm-3.4.6/src/lpvmmpp.c:290:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (s = getenv("PVMINPLACEDELAY"))
data/pvm-3.4.6/src/lpvmshmem.c:520:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/lpvmshmem.c:633:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMSOCK"))) {
data/pvm-3.4.6/src/lpvmshmem.c:1523:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMTASKDEBUG")) {
data/pvm-3.4.6/src/lpvmshmem.c:1557:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMEPID"))
data/pvm-3.4.6/src/lpvmshmem.c:1832:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMCTX"))
data/pvm-3.4.6/src/lpvmshmem.c:1837:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (p = getenv("PVMTMASK")) ) {
data/pvm-3.4.6/src/lpvmshmem.c:1851:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVMTRCBUF")))
data/pvm-3.4.6/src/lpvmshmem.c:1862:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVMTRCOPT")))
data/pvm-3.4.6/src/mppmsg.c:172:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/mppmsg.c:850:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMSOCK"))) {
data/pvm-3.4.6/src/mppmsg.c:879:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMEPID"))) {
data/pvm-3.4.6/src/pvmcruft.c:322:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/pvmcruft.c:859:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (hd = getenv("HOME")) {
data/pvm-3.4.6/src/pvmcruft.c:903:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
rd = getenv("PVM_ROOT_U");
data/pvm-3.4.6/src/pvmcruft.c:905:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
rd = getenv("PVM_ROOT");
data/pvm-3.4.6/src/pvmcruft.c:952:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( !(td=getenv("PVM_TMP")) )
data/pvm-3.4.6/src/pvmcruft.c:959:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( !(td=getenv("PVM_TMP")) ) {
data/pvm-3.4.6/src/pvmcruft.c:961:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( !(td=getenv("TEMP")) ) {
data/pvm-3.4.6/src/pvmcruft.c:989:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( !(rd=getenv("PVM_RSH")) )
data/pvm-3.4.6/src/pvmcruft.c:1075:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( p = getenv("PVM_VMID") ) {
data/pvm-3.4.6/src/pvmcruft.c:1509:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( (p = getenv( "PVM_ALLOW_ROOT" )) != NULL )
data/pvm-3.4.6/src/pvmd.c:819:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/pvmd.c:984:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMDDEBUG"))
data/pvm-3.4.6/src/pvmd.c:1114:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVM_MAX_TASKS")) {
data/pvm-3.4.6/src/pvmd.c:1231:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
printf("%s\n", getenv("PVMSOCK"));
data/pvm-3.4.6/src/pvmd.c:1756:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cmd = getenv( modulenames[i] );
data/pvm-3.4.6/src/pvmd.c:2315:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!(random() & 3)) {
data/pvm-3.4.6/src/pvmd.c:2456:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!(random() & 3)) {
data/pvm-3.4.6/src/pvmd.c:4036:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVM_DEBUGGER"))
data/pvm-3.4.6/src/pvmd.c:4340:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (pdebug = getenv("PVM_DEBUGGER"))
data/pvm-3.4.6/src/pvmd.c:4906:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("PVMNETSOCKPORT");
data/pvm-3.4.6/src/pvmd.c:5264:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
vv = getenv(vn);
data/pvm-3.4.6/src/pvmd.c:5361:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (s = getenv("PVMHOSTFILE")) {
data/pvm-3.4.6/src/pvmd.c:5407:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("PVM_PATH")))
data/pvm-3.4.6/src/pvmd.c:5417:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("PVM_WD")))
data/pvm-3.4.6/src/pvmd.c:5605:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("PVM_PATH")))
data/pvm-3.4.6/src/pvmd.c:5616:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((s = getenv("PVM_WD")))
data/pvm-3.4.6/src/pvmdshmem.c:273:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/pvmdshmem.c:394:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(p = getenv("PVMBUFSIZE")) || !(shmbufsiz = strtol(p, (char**)0, 0)))
data/pvm-3.4.6/src/pvmlog.c:249:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/pvmlog.c:339:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ( p = getenv("PVM_VMID") ) {
data/pvm-3.4.6/src/pvmlog.c:350:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMDLOGMAX"))
data/pvm-3.4.6/src/pvmshmem.c:208:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/pvmshmem.c:676:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMKEY"))
data/pvm-3.4.6/src/pvmshmem.c:833:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
touch_flg = (getenv("PVMTOUCH") ? TOUCH_PAGES : DONT_TOUCH);
data/pvm-3.4.6/src/pvmshmmsg.c:159:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *getenv();
data/pvm-3.4.6/src/pvmshmmsg.c:658:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (p = getenv("PVMKEY"))
data/pvm-3.4.6/src/pvmwin.c:446:7: [3] (misc) AddAccessAllowedAce:
This doesn't set the inheritance bits in the access control entry (ACE)
header (CWE-732). Make sure that you set inheritance by hand if you wish it
to inherit.
if (!AddAccessAllowedAce(pACLNew,
data/pvm-3.4.6/xep/xep.c:195:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(getpid());
data/pvm-3.4.6/console/cmds.c:527:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[128];
data/pvm-3.4.6/console/cmds.c:691:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lhost[1024];
data/pvm-3.4.6/console/cmds.c:692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvmarch[1024];
data/pvm-3.4.6/console/cmds.c:693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvmroot[1024];
data/pvm-3.4.6/console/cmds.c:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvmtmp[1024];
data/pvm-3.4.6/console/cmds.c:695:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1024];
data/pvm-3.4.6/console/cmds.c:696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result2[1024];
data/pvm-3.4.6/console/cmds.c:697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcmd[1024];
data/pvm-3.4.6/console/cmds.c:698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/pvm-3.4.6/console/cmds.c:699:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[1024];
data/pvm-3.4.6/console/cmds.c:723:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( user, "<your_user_name>" );
data/pvm-3.4.6/console/cmds.c:949:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "pvmd.bat" );
data/pvm-3.4.6/console/cmds.c:989:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( pvmarch, "WIN32" );
data/pvm-3.4.6/console/cmds.c:1040:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "pvmd3.exe" );
data/pvm-3.4.6/console/cmds.c:1078:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( pvmtmp, "C:\\TEMP" );
data/pvm-3.4.6/console/cmds.c:1082:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( pvmtmp, "/tmp" );
data/pvm-3.4.6/console/cmds.c:1177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcmd[1024];
data/pvm-3.4.6/console/cmds.c:1178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/pvm-3.4.6/console/cmds.c:1200:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "2>&1" );
data/pvm-3.4.6/console/cmds.c:1289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[10]; /* parsed words */
data/pvm-3.4.6/console/cmds.c:1335:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hp->hd_speed = atoi(av[ac] + 3);
data/pvm-3.4.6/console/cmds.c:1743:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
how = atoi(av[1]);
data/pvm-3.4.6/console/cmds.c:1991:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi( av[3] );
data/pvm-3.4.6/console/cmds.c:2112:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi( av[2] );
data/pvm-3.4.6/console/cmds.c:2178:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
signum = atoi(av[1]);
data/pvm-3.4.6/console/cmds.c:2229:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(av[1] + 1);
data/pvm-3.4.6/console/cmds.c:2305:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( ofn,
data/pvm-3.4.6/console/cmds.c:2309:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( ofn, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 );
data/pvm-3.4.6/console/cmds.c:2354:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/pvm-3.4.6/console/cmds.c:2357:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x/", f);
data/pvm-3.4.6/console/cmds.c:2548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pvm-3.4.6/console/cmds.c:2577:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tbuf = atoi(av[++i]);
data/pvm-3.4.6/console/cmds.c:2603:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "<Unknown=%d>", topt );
data/pvm-3.4.6/console/cmds.c:2720:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cc = pvm_putinfo(av[1], pvm_getsbuf(), (int)atoi(av[2]));
data/pvm-3.4.6/console/cons.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/pvm-3.4.6/console/cons.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[128];
data/pvm-3.4.6/console/cons.c:404:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmd, "trace xpvm");
data/pvm-3.4.6/console/cons.c:424:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ff = fopen(cmd, "r")) {
data/pvm-3.4.6/console/cons.c:640:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(p);
data/pvm-3.4.6/console/cons.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tchar[2];
data/pvm-3.4.6/examples/bwtest.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/pvm-3.4.6/examples/bwtest.c:222:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d doubles from t%x", MAXSIZE, slavetid);
data/pvm-3.4.6/examples/gmbi.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[100]; /* regular expression to search on */
data/pvm-3.4.6/examples/hello.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pvm-3.4.6/examples/hello_other.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pvm-3.4.6/examples/hello_other.c:51:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "hello, world from ");
data/pvm-3.4.6/examples/inherit1.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], buf2[100];
data/pvm-3.4.6/examples/inherit1.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/inherit2.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pvm-3.4.6/examples/inherit2.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/inherit3.c:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100], buf2[100];
data/pvm-3.4.6/examples/inherit3.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/inherita.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pvm-3.4.6/examples/inherita.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/inheritb.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/pvm-3.4.6/examples/inheritb.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/lmbi.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/lmbi.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[250];
data/pvm-3.4.6/examples/lmbi.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service_name[25];
data/pvm-3.4.6/examples/lmbi.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flagc[10]; /* hold characters for flags */
data/pvm-3.4.6/examples/lmbi.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_txt[100]; /* message received as service request */
data/pvm-3.4.6/examples/lmbi.c:116:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entries = atoi( argv[1] ); /* number of entries to insert */
data/pvm-3.4.6/examples/mbox.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CLASS_NAME[255];
data/pvm-3.4.6/examples/mbox.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[255];
data/pvm-3.4.6/examples/mbox.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmds[100];
data/pvm-3.4.6/examples/mbox.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufout[255];
data/pvm-3.4.6/examples/mbox.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufin[255];
data/pvm-3.4.6/examples/mbox.c:304:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
NINDICES = atoi( arg + 9 );
data/pvm-3.4.6/examples/mbox.c:336:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( bufin, "This Message Left Here By Mbox" );
data/pvm-3.4.6/examples/mbox.c:405:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi( cmds[1] );
data/pvm-3.4.6/examples/mbox.c:453:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi( cmds[1] );
data/pvm-3.4.6/examples/mbox.c:557:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bufin,
data/pvm-3.4.6/examples/mbox.c:612:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bufin,
data/pvm-3.4.6/examples/mbox.c:876:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bufin,
data/pvm-3.4.6/examples/mbox.c:917:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( bufin,
data/pvm-3.4.6/examples/mhf_server.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mhf_msg[STR_LEN];
data/pvm-3.4.6/examples/mhf_server.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[STR_LEN]; /* used for local info messages */
data/pvm-3.4.6/examples/mhf_server.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_txt[STR_LEN]; /* used for received messages */
data/pvm-3.4.6/examples/mhf_server.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/mhf_server.c:561:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy ( mhf_msg, "NO MATCH" );
data/pvm-3.4.6/examples/mhf_tickle.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[STR_LEN]; /* temporary location to hold input string to convert to integer */
data/pvm-3.4.6/examples/mhf_tickle.c:325:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[STR_LEN]; /* temporary location to hold input string to convert to integer */
data/pvm-3.4.6/examples/mhf_tickle.c:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/mhf_tickle.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_txt[STR_LEN]; /* used for sending messages */
data/pvm-3.4.6/examples/mhf_tickle.c:411:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[25]; /* machine name of server */
data/pvm-3.4.6/examples/mhf_tickle.c:451:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( msg_txt, "Are you talking to me!!!" );
data/pvm-3.4.6/examples/ptest.c:64:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ntask = atoi(argv[1]);
data/pvm-3.4.6/examples/ptest.c:73:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mydbmask = atoi(argv[2]);
data/pvm-3.4.6/examples/ptest.c:76:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
niter = atoi(argv[3]);
data/pvm-3.4.6/examples/ptest.c:79:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
myiter = atoi(argv[4]);
data/pvm-3.4.6/examples/rme.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/rme.c:80:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi( argv[2] );
data/pvm-3.4.6/examples/starter.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prog_name[256];
data/pvm-3.4.6/examples/starter.c:62:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': nproc = atoi(optarg);
data/pvm-3.4.6/examples/task0.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25];
data/pvm-3.4.6/examples/task0.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flagc[10]; /* hold characters for flags */
data/pvm-3.4.6/examples/task0.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_txt[100]; /* message received as service request */
data/pvm-3.4.6/examples/task0.c:208:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( msg_txt,
data/pvm-3.4.6/examples/task1.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25]; /* local machine that task1 is running on */
data/pvm-3.4.6/examples/task1.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[25]; /* name of machine "offering" the service */
data/pvm-3.4.6/examples/task1.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_txt[100]; /* message to send to service */
data/pvm-3.4.6/examples/task1.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flagc[10]; /* hold characters for flags */
data/pvm-3.4.6/examples/task1.c:109:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi( argv[2] ); /* get the index value */
data/pvm-3.4.6/examples/task_end.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machine[25]; /* local machine that task1 is running on */
data/pvm-3.4.6/examples/task_end.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[25]; /* name of the machine "offering" service */
data/pvm-3.4.6/examples/task_end.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_txt[100]; /* message to send to service */
data/pvm-3.4.6/examples/task_end.c:86:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
index = atoi( argv[2] );
data/pvm-3.4.6/examples/task_end.c:150:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( msg_txt, "END" );
data/pvm-3.4.6/examples/taskf.c:111:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flagstring, "PvmMboxDefault " );
data/pvm-3.4.6/examples/taskf.c:115:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flagstring, "PvmMboxReadAndDelete " );
data/pvm-3.4.6/examples/taskf.c:119:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flagstring, "PvmMboxFirstAvail " );
data/pvm-3.4.6/examples/taskf.c:123:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flagstring, "PvmMboxOverWritable " );
data/pvm-3.4.6/examples/taskf.c:127:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flagstring, "PvmMboxMultiInstance " );
data/pvm-3.4.6/examples/taskf.c:131:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flagstring, "PvmMboxPersistent " );
data/pvm-3.4.6/gexamples/ge.c:60:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((nproc = atoi(argv[1])) < 0) goto usage;
data/pvm-3.4.6/gexamples/gexamp.c:64:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((nproc = atoi(argv[1])) < 1) goto usage;
data/pvm-3.4.6/gexamples/gs.c:58:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((nproc = atoi(argv[1])) < 1) goto usage;
data/pvm-3.4.6/gexamples/joinleave.c:56:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
njoins = atoi(argv[1]);
data/pvm-3.4.6/gexamples/thb.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g[MAXGNAME];
data/pvm-3.4.6/gexamples/thb.c:57:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((nproc = atoi(argv[1])) < 1) goto usage;
data/pvm-3.4.6/gexamples/thb.c:67:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/thb.c:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/thb.c:116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tjf.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g[MAXGNAME];
data/pvm-3.4.6/gexamples/tjf.c:62:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tjf.c:71:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tjf.c:83:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tjl.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g[MAXGNAME];
data/pvm-3.4.6/gexamples/tjl.c:62:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tjl.c:71:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tjl.c:83:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(g, "group%d", i);
data/pvm-3.4.6/gexamples/tnb.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g[32];
data/pvm-3.4.6/hoster/hoster.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_buf[256]; /* stdout from host */
data/pvm-3.4.6/hoster/hoster.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_ebuf[256]; /* stderr from host */
data/pvm-3.4.6/hoster/hoster.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sopts[64];
data/pvm-3.4.6/hoster/hoster.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lognam[256];
data/pvm-3.4.6/hoster/hoster.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512];
data/pvm-3.4.6/hoster/hoster.c:279:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wincmd[512];
data/pvm-3.4.6/hoster/hoster.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vmid[256];
data/pvm-3.4.6/hoster/hoster.c:779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[16]; /* for rsh args */
data/pvm-3.4.6/hoster/hoster.c:781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/pvm-3.4.6/hoster/hoster.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char do_cmd[128];
data/pvm-3.4.6/hoster/pvmwinrexec.c:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char password[30];
data/pvm-3.4.6/hoster/pvmwinrexec.c:324:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char portbuf[30];
data/pvm-3.4.6/hoster/pvmwinrexec.c:358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&server_addr.sin_addr, hent->h_addr, hent->h_length);
data/pvm-3.4.6/hoster/pvmwinrexec.c:407:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(portbuf, "%hu", ntohs(my_err_addr.sin_port));
data/pvm-3.4.6/hoster/pvmwinrsh.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ruserName[64]; // user name given with option 'lo'
data/pvm-3.4.6/hoster/pvmwinrsh.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char luserName[64]; // user logged onto the machine
data/pvm-3.4.6/hoster/pvmwinrsh.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4096];
data/pvm-3.4.6/hoster/pvmwinrsh.c:147:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&saddr.sin_addr.s_addr, hostInfo->h_addr,
data/pvm-3.4.6/hoster/pvmwinrsh.c:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuff[2048];
data/pvm-3.4.6/hoster/pvmwinrsh.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048];
data/pvm-3.4.6/hoster/pvmwinrsh.c:231:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmdbuff+cmdbufflen, "%d", rshErrPort); // local stderr port
data/pvm-3.4.6/hoster/pvmwinrsh.c:256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048];
data/pvm-3.4.6/include/pvmtev.h:449:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char Pvmtmask[TEV_MASK_LENGTH];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfaddhost.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thost[MAX_HOST_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfarchcode.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tarch[MAX_HOST_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfbarrier.c:27:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfbcast.c:30:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfdelhost.c:32:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thost[MAX_HOST_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfdelinfo.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_MBOX_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmffrzgrp.c:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfgather.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetinfo.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tpattern[MAX_MBOX_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfgetinst.c:30:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfgettid.c:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfgsize.c:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfjoingrp.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmflvgrp.c:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfmstat.c:29:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thost[MAX_HOST_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfputinfo.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_MBOX_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfrecvinfo.c:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_MBOX_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfreduce.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfscatter.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tgroup[MAX_GRP_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfspawn.c:27:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char taout[MAX_PROC_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/Pvmfspawn.c:28:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char twhere[MAX_HOST_NAME + 1];
data/pvm-3.4.6/libfpvm/WIN32/ftocstr.c:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ds,ss,sl);
data/pvm-3.4.6/misc/xhoster/xhoster.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_buf[256]; /* config reply line */
data/pvm-3.4.6/misc/xhoster/xhoster.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_ebuf[256]; /* stderr from host */
data/pvm-3.4.6/misc/xhoster/xhoster.c:134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwbuffer[30];
data/pvm-3.4.6/misc/xhoster/xhoster.c:146:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scribble[1024];
data/pvm-3.4.6/misc/xhoster/xhoster.c:199:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scribble, "Hosts:%3d", nh);
data/pvm-3.4.6/misc/xhoster/xhoster.c:468:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scribble, "PVM Xhoster (task id =t%x)", pvm_mytid());
data/pvm-3.4.6/misc/xhoster/xhoster.c:476:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(scribble, "Hosts:%3d", nh);
data/pvm-3.4.6/misc/xhoster/xhoster.c:561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sopts[64];
data/pvm-3.4.6/misc/xhoster/xhoster.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lognam[256];
data/pvm-3.4.6/misc/xhoster/xhoster.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[512];
data/pvm-3.4.6/misc/xhoster/xhoster.c:621:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pvm-3.4.6/misc/xhoster/xhoster.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[16]; /* for rsh args */
data/pvm-3.4.6/misc/xhoster/xhoster.c:998:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/pvm-3.4.6/rm/srm.c:187:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arch[100], buf[1000], new_buf[1000], where[100];
data/pvm-3.4.6/rm/srm.c:244:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new_buf, "PVMTRCBUF=%d", pvmctrc.trcbuf);
data/pvm-3.4.6/rm/srm.c:246:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new_buf, "PVMTRCOPT=%d", pvmctrc.trcopt);
data/pvm-3.4.6/rm/srm.c:248:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new_buf, "PVMCTX=0x%x", pvmmyctx);
data/pvm-3.4.6/rm/srm.c:368:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_host_arch[100], new_host_name[100];
data/pvm-3.4.6/rm/srm.c:825:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_str[1000];
data/pvm-3.4.6/shmd/pvm_shmd.c:199:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tidslots = init_tidinfo ((char *)segptrs[0],
data/pvm-3.4.6/shmd/pvm_shmd.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[1024];
data/pvm-3.4.6/shmd/pvm_shmd.c:471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[MAXHOSTNAMELEN];
data/pvm-3.4.6/shmd/pvm_shmd.c:476:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fullname, "pvm_shmd:");
data/pvm-3.4.6/shmd/pvm_shmd.c:546:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
id = find_tidinfo_id (((char *)segptrs[0]), tid);
data/pvm-3.4.6/shmd/pvm_shmd_stat.c:19:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[MAXHOSTNAMELEN];
data/pvm-3.4.6/shmd/pvm_shmd_stat.c:20:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shmdname[1024];
data/pvm-3.4.6/shmd/pvm_shmd_stat.c:31:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (shmdname, "pvm_shmd:");
data/pvm-3.4.6/shmd/sendrecv.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*)msgblocks[seg]+(psize*block), (char *)cp, len);
data/pvm-3.4.6/shmd/sendrecv.c:476:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)cp,
data/pvm-3.4.6/shmd/sendrecv.c:481:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *)cp,
data/pvm-3.4.6/shmd/sendrecv.c:481:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memcpy ((char *)cp,
data/pvm-3.4.6/shmd/sendrecv.c:520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[MAXHOSTNAMELEN];
data/pvm-3.4.6/shmd/sendrecv.c:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shmdname[1024];
data/pvm-3.4.6/shmd/sendrecv.c:534:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (shmdname, "pvm_shmd:");
data/pvm-3.4.6/shmd/sendrecv.c:635:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cptr = (char *)blocks[i] + blocks[i]->nextoffset;
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:251:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:253:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nodefile[PVMTMPNAMLEN]; /* tmp node file */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:257:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char defaultpool[64]="1"; /* default MP_POOL if not set */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[128]; /* node name */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:298:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((partsize = atoi(hfn)) < 1) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:299:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"MP_PROCS=%d must be >= to 1\n",partsize);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:305:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(hfn) < 0) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:306:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:315:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(hfp = fopen(hfn, "r"))) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:342:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "%d nodes allocated.\n", partsize);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:365:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "sp2hostfile() need at least %d nodes\n", count+1);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:370:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open( nodefile, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 )) < 0) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:446:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_new() %d nodes %d ... ptype=%d ptid=%x\n",
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:490:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x type=%ld alive=%d\n",
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:517:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x not active\n", tid);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[128]; /* buffer to store count, name.host */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htid[128]; /* buffer to store pvmhost tid */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:615:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", count+1);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:642:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(htid, "PVMHTID=%d", tp->t_tid);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:669:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_load() %d type=%d ptid=%x t%x...\n",
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[128]; /* node name */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:719:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[512]; /* command to issue */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:722:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[8]; /* for rsh args */
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:728:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fp = fopen(hfn, "r")) {
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:772:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"mpp_kill() signal %d to node t%x ignored\n",
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:803:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_output() pvmhost %d died!\n", sp->n_ptype);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:836:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn() pvmhost %x", tp2->t_tid);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:249:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:251:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nodefile[PVMTMPNAMLEN]; /* tmp node file */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:255:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char defaultpool[64]="1"; /* default MP_POOL if not set */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[128]; /* node name */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:296:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((partsize = atoi(hfn)) < 1) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:297:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"MP_PROCS=%d must be >= to 1\n",partsize);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:303:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(hfn) < 0) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:304:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:313:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(hfp = fopen(hfn, "r"))) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:340:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "%d nodes allocated.\n", partsize);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:362:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "sp2hostfile() need at least %d nodes\n", count+1);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:367:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open( nodefile, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 )) < 0) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:443:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_new() %d nodes %d ... ptype=%d ptid=%x\n",
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:487:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x type=%ld alive=%d\n",
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:514:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x not active\n", tid);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:539:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[128]; /* buffer to store count, name.host */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htid[128]; /* buffer to store pvmhost tid */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:612:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", count+1);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:639:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(htid, "PVMHTID=%d", tp->t_tid);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:666:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_load() %d type=%d ptid=%x t%x...\n",
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:715:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[128]; /* node name */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:716:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[512]; /* command to issue */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:719:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[8]; /* for rsh args */
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:725:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fp = fopen(hfn, "r")) {
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:769:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"mpp_kill() signal %d to node t%x ignored\n",
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:800:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_output() pvmhost %d died!\n", sp->n_ptype);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:833:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn() pvmhost %x", tp2->t_tid);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:168:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[NNAMELENGTH]; /* node name */
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:259:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pvmtxt,
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:281:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "%d nodes in list.\n", partsize);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:353:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_new() %d nodes %d ... ptype=%d ptid=%x\n",
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:362:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pvmtxt, "mpp_new() sp=%x sp->n_link=%x\n", sp, sp->n_link );
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:367:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pvmtxt, "mpp_new() sp=%x sp->n_link=%x\n", sp, sp->n_link );
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:399:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pvmtxt, "mpp_free() sp=%x sp->n_link=%x\n", sp, sp->n_link );
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:404:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() n_ptype = %d, PLIndex = %d\n",
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:412:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x type=%ld alive=%d\n",
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:418:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( pvmtxt, "mpp_free called for dead task t%x\n", tid );
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:470:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x not active\n", tid);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[128]; /* buffer to store count, name.host */
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:608:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_load() %d type=%d ptid=%x t%x...\n",
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:658:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn asked for t%x\n", tp->t_tid);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:666:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn looking for t%x\n", myhostpart + ptypepart + i);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:732:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_output() pvmhost %x died for ptype %d!\n", sp->n_ptid, sp->n_ptype);
data/pvm-3.4.6/src/OS2/src/os2spawn.c:8:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char *Arg[1024],*Env[1024],**d,**s,*idstr="PVMEPID=",buf[32];
data/pvm-3.4.6/src/OS2/src/rexec.c:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char savename[256];
data/pvm-3.4.6/src/OS2/src/rexec.c:70:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((caddr_t)&sin.sin_addr, hp->h_addr, hp->h_length);
data/pvm-3.4.6/src/OS2/src/rexec.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[8];
data/pvm-3.4.6/src/OS2/src/rexec.c:114:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(num, "%u", port);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:45:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char namebuf [256];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256]; /* a temp name buffer to avoid overlayyed */
data/pvm-3.4.6/src/OS2/src/ruserpas.c:145:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tokval[100];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hdir, buf[BUFSIZ];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:178:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cfile = fopen(buf, "r");
data/pvm-3.4.6/src/OS2/src/ruserpas.c:307:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char E[48];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:329:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[20],oldbuf[20];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c,oldbuf[20];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:371:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keyblk[100], blk[100];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:390:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keyblk[100], blk[100];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:423:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iobuf[30];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:460:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char iobuf[30];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:562:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char C[28];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:563:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char D[28];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:568:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char KS[16][48];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:626:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char S[8][64] = {
data/pvm-3.4.6/src/OS2/src/ruserpas.c:686:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char L[32], R[32];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:687:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tempL[32];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:688:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char f[32];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:693:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char preS[48];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:803:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdutmp = fopen(_PATH_UTMP,"r");
data/pvm-3.4.6/src/OS2/src/ruserpas.c:831:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char skey[40];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[40], stemp1[40], sttyname[30];
data/pvm-3.4.6/src/OS2/src/ruserpas.c:854:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(stemp, "%ld", putmp->ut_time);
data/pvm-3.4.6/src/OS2/src/stdlog.c:7:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4086]="";
data/pvm-3.4.6/src/OS2/src/stdlog.c:12:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
F=fopen("c:/tmp/log.pvm","at");
data/pvm-3.4.6/src/OS2/src/sthoster.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/pvm-3.4.6/src/OS2/src/sthoster.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pvm-3.4.6/src/OS2/src/sthoster.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myenv[100];
data/pvm-3.4.6/src/OS2/src/sthoster.c:49:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected_pid, "PVMEPID=%d", *ptr_nfp);
data/pvm-3.4.6/src/OS2/src/sthoster.c:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hosterpath[128];
data/pvm-3.4.6/src/OS2/src/sthoster.c:123:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(hosterpath,"/bin/OS2/hoster.exe");
data/pvm-3.4.6/src/PGON/pvmdmimd.c:268:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char etext[512]; /* scratch for error log */
data/pvm-3.4.6/src/PGON/pvmdmimd.c:311:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "using %d nodes\n", partsize);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:435:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_new() %d nodes %d ... ptype=%d ptid=%x\n",
data/pvm-3.4.6/src/PGON/pvmdmimd.c:474:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_free() t%x type=%ld alive=%d\n",
data/pvm-3.4.6/src/PGON/pvmdmimd.c:485:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_free() freeing %d recv bufs \n", NRBUFS);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:497:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_free() mprecvbufs is %x \n", mprecvbufs);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:527:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_free() t%x not active\n", tid);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:552:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/pvm-3.4.6/src/PGON/pvmdmimd.c:683:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "partsize is %d\n",partsize);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:695:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_load() %d type=%ld ptid=%x pid%ld... t%x...\n",
data/pvm-3.4.6/src/PGON/pvmdmimd.c:832:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext,
data/pvm-3.4.6/src/PGON/pvmdmimd.c:913:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_output() pkt to t%x scrapped (no ptype %ld)\n",
data/pvm-3.4.6/src/PGON/pvmdmimd.c:947:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_output wrt TDMSGHDR for %x\n", pp->pk_buf);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:954:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext,
data/pvm-3.4.6/src/PGON/pvmdmimd.c:977:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext, "mpp_output wrt TDFRAGHDR for %x\n", pp->pk_buf);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:1022:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext,"mpp_output() bogus len %d? (dst %x, ff %d)\n",
data/pvm-3.4.6/src/PGON/pvmdmimd.c:1032:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext,"mpp_output() can't send to t%x", tstpkt->pk_dst);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:1094:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext,
data/pvm-3.4.6/src/PGON/pvmdmimd.c:1155:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etext,"mpp_kill() signal %d to node t%x ignored\n",
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:252:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:254:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nodefile[PVMTMPNAMLEN]; /* tmp node file */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:258:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char defaultpool[64]="1"; /* default MP_POOL if not set */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[128]; /* node name */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:299:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((partsize = atoi(hfn)) < 1) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:300:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"MP_PROCS=%d must be >= to 1\n",partsize);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:306:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(hfn) < 0) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:307:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:316:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(hfp = fopen(hfn, "r"))) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:343:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "%d nodes allocated.\n", partsize);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:365:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "sp2hostfile() need at least %d nodes\n", count+1);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:370:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open( nodefile, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 )) < 0) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:446:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_new() %d nodes %d ... ptype=%d ptid=%x\n",
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:490:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x type=%ld alive=%d\n",
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:517:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x not active\n", tid);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[128]; /* buffer to store count, name.host */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:552:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char htid[128]; /* buffer to store pvmhost tid */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:615:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "%d", count+1);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:642:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(htid, "PVMHTID=%d", tp->t_tid);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:669:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_load() %d type=%d ptid=%x t%x...\n",
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:718:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nname[128]; /* node name */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:719:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comm[512]; /* command to issue */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:722:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[8]; /* for rsh args */
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:728:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fp = fopen(hfn, "r")) {
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:772:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"mpp_kill() signal %d to node t%x ignored\n",
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:803:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_output() pvmhost %d died!\n", sp->n_ptype);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:836:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn() pvmhost %x", tp2->t_tid);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/bfunc.h:65:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define BCOPY(s,d,n) memcpy(d,s,n)
data/pvm-3.4.6/src/bfunc.h:70:25: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define BCOPY(s,d,n) bcopy(s,d,n)
data/pvm-3.4.6/src/ddpro.c:1195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hosterpath[128];
data/pvm-3.4.6/src/ddpro.c:1198:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void) strcat(hosterpath,"\\bin\\WIN32\\hoster.exe");
data/pvm-3.4.6/src/ddpro.c:1249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/pvm-3.4.6/src/ddpro.c:1252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pvm-3.4.6/src/ddpro.c:1253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *myenv[100];
data/pvm-3.4.6/src/ddpro.c:1279:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected_pid, "PVMEPID=%d", *ptr_nfp);
data/pvm-3.4.6/src/ddpro.c:1412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/pvm-3.4.6/src/ddpro.c:1494:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "PVMTRCBUF=%d", pvmtracer.trcbuf );
data/pvm-3.4.6/src/ddpro.c:1497:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "PVMTRCOPT=%d", pvmtracer.trcopt );
data/pvm-3.4.6/src/ddpro.c:1751:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16]; /* for converting sockaddr */
data/pvm-3.4.6/src/ddpro.c:2068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[16]; /* for reply parsing */
data/pvm-3.4.6/src/ddpro.c:2075:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/pvm-3.4.6/src/ddpro.c:2117:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ver = atoi(av[0]);
data/pvm-3.4.6/src/ddpro.c:2128:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hp->hd_mtu = atoi(av[3]);
data/pvm-3.4.6/src/ddpro.c:2129:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hp->hd_dsig = atoi(av[4]);
data/pvm-3.4.6/src/ddpro.c:2231:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%x", pvmschedtid);
data/pvm-3.4.6/src/ddpro.c:2689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[32];
data/pvm-3.4.6/src/ddpro.c:2690:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4100]; /* XXX a bit bigger than in pvmd.c`loclstout() */
data/pvm-3.4.6/src/ddpro.c:2709:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "[t%x] ", tid);
data/pvm-3.4.6/src/host.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[10]; /* parsed words */
data/pvm-3.4.6/src/host.c:764:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hp->hd_speed = atoi(av[ac] + 3);
data/pvm-3.4.6/src/host.c:827:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512]; /* line buffer */
data/pvm-3.4.6/src/host.c:849:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(ff = fopen(fn, "r"))) {
data/pvm-3.4.6/src/host.c:966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096]; /* return space for SIOCGIOCONF */
data/pvm-3.4.6/src/host.c:1056:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hn[MAXHOSTNAMELEN];
data/pvm-3.4.6/src/hoster.c:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_buf[256]; /* stdout from host */
data/pvm-3.4.6/src/hoster.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_ebuf[256]; /* stderr from host */
data/pvm-3.4.6/src/hoster.c:775:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[32]; /* for rsh args */
data/pvm-3.4.6/src/hoster.c:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/pvm-3.4.6/src/imalloc.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[4]; /* content tag */
data/pvm-3.4.6/src/imalloc.c:153:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msbuf[256]; /* error message buffer */
data/pvm-3.4.6/src/imalloc.c:214:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_malloc: bogus len=%d\n", len);
data/pvm-3.4.6/src/imalloc.c:223:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_malloc: malloc failed len=%d\n", len);
data/pvm-3.4.6/src/imalloc.c:237:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_malloc: glob allocate failed (max %d)\n",
data/pvm-3.4.6/src/imalloc.c:245:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_malloc: malloc failed for glob\n");
data/pvm-3.4.6/src/imalloc.c:303:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_free: bogus loc=0x%lx\n", (long) loc);
data/pvm-3.4.6/src/imalloc.c:314:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_free: scribbled in 0x%lx[%d]\n",
data/pvm-3.4.6/src/imalloc.c:321:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_free: scribbled in 0x%lx[%d+%d]\n",
data/pvm-3.4.6/src/imalloc.c:387:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_realloc: bogus len=%d\n", len);
data/pvm-3.4.6/src/imalloc.c:398:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_realloc: bogus loc=0x%lx\n",
data/pvm-3.4.6/src/imalloc.c:410:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_realloc: scribbled in 0x%lx[%d]\n",
data/pvm-3.4.6/src/imalloc.c:417:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf,
data/pvm-3.4.6/src/imalloc.c:434:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf, "i_realloc: malloc failed len=%d\n", len);
data/pvm-3.4.6/src/imalloc.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagstr[5];
data/pvm-3.4.6/src/imalloc.c:523:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf,
data/pvm-3.4.6/src/imalloc.c:531:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(msbuf,
data/pvm-3.4.6/src/lpvm.c:1154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spath[PVMTMPNAMLEN];
data/pvm-3.4.6/src/lpvm.c:1156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pvm-3.4.6/src/lpvm.c:1377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pvm-3.4.6/src/lpvm.c:1785:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char inPlaceHdrPool[NINPLACE_HDRS * ( HEADER_SIZE )];
data/pvm-3.4.6/src/lpvm.c:1827:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[64];
data/pvm-3.4.6/src/lpvm.c:2162:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt,"mxfer() hdrPoolStk is %d\n", hdrPoolStk);
data/pvm-3.4.6/src/lpvm.c:2168:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "mxfer(): > %d inplace frags \n",
data/pvm-3.4.6/src/lpvm.c:2394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spath[PVMTMPNAMLEN];
data/pvm-3.4.6/src/lpvm.c:2794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/lpvm.c:2831:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((d = open(p, O_RDONLY, 0)) == -1) {
data/pvm-3.4.6/src/lpvm.c:3006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authfn[PVMTMPNAMLEN]; /* auth file name */
data/pvm-3.4.6/src/lpvm.c:3009:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16]; /* for converting sockaddr */
data/pvm-3.4.6/src/lpvm.c:3016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmask[ 2 * TEV_MASK_LENGTH ];
data/pvm-3.4.6/src/lpvm.c:3021:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[128];
data/pvm-3.4.6/src/lpvm.c:3064:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cookie = atoi(p);
data/pvm-3.4.6/src/lpvm.c:3117:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((authfd = open(authfn, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600)) == -1)
data/pvm-3.4.6/src/lpvm.c:3174:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((authfd = open(authfn, O_WRONLY, 0)) == -1) {
data/pvm-3.4.6/src/lpvm.c:3275:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmtrc.trcbuf = atoi( p );
data/pvm-3.4.6/src/lpvm.c:3286:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmtrc.trcopt = atoi( p );
data/pvm-3.4.6/src/lpvm.c:3535:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/lpvm.c:3544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[256];
data/pvm-3.4.6/src/lpvm.c:3606:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd, "pvmd3.exe ");
data/pvm-3.4.6/src/lpvm.c:3680:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0); /* should be 0 */
data/pvm-3.4.6/src/lpvm.c:3681:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_WRONLY, 0); /* should be 2 */
data/pvm-3.4.6/src/lpvm.c:3701:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "PVMSOCK=");
data/pvm-3.4.6/src/lpvmgen.c:945:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/lpvmgen.c:951:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "()");
data/pvm-3.4.6/src/lpvmgen.c:1094:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pvm-3.4.6/src/lpvmgen.c:1217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/pvm-3.4.6/src/lpvmgen.c:1420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pvm-3.4.6/src/lpvmgen.c:1605:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x", 0xffffffff & val);
data/pvm-3.4.6/src/lpvmgen.c:1644:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x", 0xffffffff & val);
data/pvm-3.4.6/src/lpvmgen.c:1671:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x", 0xffffffff & val);
data/pvm-3.4.6/src/lpvmgen.c:1710:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%x", 0xffffffff & val);
data/pvm-3.4.6/src/lpvmgen.c:3106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/pvm-3.4.6/src/lpvmgen.c:3158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[TEV_MASK_LENGTH + 20];
data/pvm-3.4.6/src/lpvmgen.c:3210:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PVMTRCBUF=%d", pvmctrc.trcbuf);
data/pvm-3.4.6/src/lpvmgen.c:3212:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PVMTRCOPT=%d", pvmctrc.trcopt);
data/pvm-3.4.6/src/lpvmgen.c:3214:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PVMCTX=0x%x", pvmmyctx);
data/pvm-3.4.6/src/lpvmmimd.c:326:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/lpvmmimd.c:590:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mroute() src t%x len %d dst t%x\n",
data/pvm-3.4.6/src/lpvmmimd.c:630:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/lpvmmimd.c:669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[TDFRAGHDR+TTMSGHDR]; /* for inplace data */
data/pvm-3.4.6/src/lpvmmimd.c:748:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "node_send() dst t%x len %d ptype=%ld node=%ld\n",
data/pvm-3.4.6/src/lpvmmimd.c:846:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[TDFRAGHDR+TTMSGHDR]; /* for inplace data */
data/pvm-3.4.6/src/lpvmmimd.c:912:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "node_mcast() len %d\n", txfp->fr_len);
data/pvm-3.4.6/src/lpvmmimd.c:994:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "msendrecv() to t%x code %d\n", other, code);
data/pvm-3.4.6/src/lpvmmimd.c:1013:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "msendrecv() cmp from t%x code %d\n",
data/pvm-3.4.6/src/lpvmmimd.c:1183:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "relay() can't send null msg to t%x", dst);
data/pvm-3.4.6/src/lpvmmimd.c:1190:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "relay() can't send to t%x", dst);
data/pvm-3.4.6/src/lpvmmimd.c:1234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullmsg[TDFRAGHDR+TTMSGHDR];
data/pvm-3.4.6/src/lpvmmimd.c:1271:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmmyupid = atoi(p);
data/pvm-3.4.6/src/lpvmmimd.c:1317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmask[ 2 * TEV_MASK_LENGTH ];
data/pvm-3.4.6/src/lpvmmimd.c:1330:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"task debug mask is 0x%x\n", pvmdebmask);
data/pvm-3.4.6/src/lpvmmimd.c:1427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "beatask() t-d protocol mismatch (%d/%d)\n",
data/pvm-3.4.6/src/lpvmmimd.c:1486:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmtrc.trcbuf = atoi( p );
data/pvm-3.4.6/src/lpvmmimd.c:1497:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmtrc.trcopt = atoi( p );
data/pvm-3.4.6/src/lpvmmimd.c:1682:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "pvm_precv() task %x len %d tag %d\n",
data/pvm-3.4.6/src/lpvmmimd.c:1740:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "pvm_precv() task %x len %d tag %d\n",
data/pvm-3.4.6/src/lpvmmimd.c:1983:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/lpvmmpp.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[64];
data/pvm-3.4.6/src/lpvmmpp.c:170:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "mppbeatask(): bad init, node %d, part %d, host %d\n",
data/pvm-3.4.6/src/lpvmmpp.c:178:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt," %d Posting receive for config message \n", mynode);
data/pvm-3.4.6/src/lpvmmpp.c:191:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt," %d Receive posted for config message \n", mynode);
data/pvm-3.4.6/src/lpvmmpp.c:213:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt," %d Waiting for config message \n", mynode);
data/pvm-3.4.6/src/lpvmmpp.c:219:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt," %d Got config message \n", mynode);
data/pvm-3.4.6/src/lpvmmpp.c:224:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "beatask() t-d protocol mismatch (%d/%d)\n",
data/pvm-3.4.6/src/lpvmmpp.c:292:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inplaceDelay = atoi(s);
data/pvm-3.4.6/src/lpvmmpp.c:554:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[64];
data/pvm-3.4.6/src/lpvmmpp.c:601:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "precv() unpacking message len = %d\n", l);
data/pvm-3.4.6/src/lpvmmpp.c:611:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "precv() short ckted into user buf len = %d\n", l);
data/pvm-3.4.6/src/lpvmpack.c:1799:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnt = atoi(p);
data/pvm-3.4.6/src/lpvmpack.c:1810:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
std = atoi(p);
data/pvm-3.4.6/src/lpvmpack.c:2044:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cnt = atoi(p);
data/pvm-3.4.6/src/lpvmpack.c:2053:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
std = atoi(p);
data/pvm-3.4.6/src/lpvmshmem.c:587:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/lpvmshmem.c:628:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/lpvmshmem.c:638:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((d = open(p, O_RDONLY, 0)) == -1) {
data/pvm-3.4.6/src/lpvmshmem.c:670:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dummy[TDFRAGHDR];
data/pvm-3.4.6/src/lpvmshmem.c:723:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_wait(): Waiting on semop id = %d\n", mysemid);
data/pvm-3.4.6/src/lpvmshmem.c:728:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_wait(): Error waiting for semop id = %d",
data/pvm-3.4.6/src/lpvmshmem.c:735:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_wait(): Processing Event on semop id = %d\n",
data/pvm-3.4.6/src/lpvmshmem.c:1046:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_recv() can't connect to sender t%x\n", sdr);
data/pvm-3.4.6/src/lpvmshmem.c:1063:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_recv() sdr t%x src t%x len %d dst t%x flag %d\n",
data/pvm-3.4.6/src/lpvmshmem.c:1106:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/lpvmshmem.c:1189:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/lpvmshmem.c:1243:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_send() dst t%x len %d page %d flag %d\n",
data/pvm-3.4.6/src/lpvmshmem.c:1490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmask[ 2 * TEV_MASK_LENGTH ];
data/pvm-3.4.6/src/lpvmshmem.c:1501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[32];
data/pvm-3.4.6/src/lpvmshmem.c:1526:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"task debug mask is 0x%x\n", pvmdebmask);
data/pvm-3.4.6/src/lpvmshmem.c:1544:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open( fname,
data/pvm-3.4.6/src/lpvmshmem.c:1558:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
altpid = atoi(p);
data/pvm-3.4.6/src/lpvmshmem.c:1615:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "beatask() t-d protocol mismatch (%d/%d)\n",
data/pvm-3.4.6/src/lpvmshmem.c:1852:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmtrc.trcbuf = atoi( p );
data/pvm-3.4.6/src/lpvmshmem.c:1863:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmtrc.trcopt = atoi( p );
data/pvm-3.4.6/src/lpvmshmem.c:2099:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/lpvmshmem.c:2162:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0); /* should be 0 */
data/pvm-3.4.6/src/lpvmshmem.c:2163:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_WRONLY, 0); /* should be 2 */
data/pvm-3.4.6/src/lpvmshmem.c:2181:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "PVMSOCK=");
data/pvm-3.4.6/src/lpvmshmem.c:2365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[32];
data/pvm-3.4.6/src/lpvmshmem.c:2380:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_CREAT|O_EXCL|O_RDWR, 0600)) == -1 ||
data/pvm-3.4.6/src/lpvmshmem.c:2404:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(fname, O_CREAT|O_EXCL|O_RDWR, 0600)) == -1) {
data/pvm-3.4.6/src/lpvmshmem.c:2729:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[64];
data/pvm-3.4.6/src/mppchunk.c:122:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mpperrtext[128];
data/pvm-3.4.6/src/mppchunk.c:355:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mpperrtext,"Ordering packet seq %d from tid %x\n",
data/pvm-3.4.6/src/mppchunk.c:391:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mpperrtext,"ochunk_delete() packet seq %d from tid %x\n",
data/pvm-3.4.6/src/mppchunk.c:435:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mpperrtext,"init_recv_list(): post_receive failed! src %d tag %d msize %d hsize %d pid %d appid %d : nbufs %d buffer %d \n",
data/pvm-3.4.6/src/mppchunk.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[128];
data/pvm-3.4.6/src/mppchunk.c:482:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "post_recv: bad msg id (%d). Fatal! \n", cc);
data/pvm-3.4.6/src/mppchunk.c:570:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mpperrtext,"read-chunk(): node %d, len %d, tag %d \n",
data/pvm-3.4.6/src/mppchunk.c:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[64];
data/pvm-3.4.6/src/mppchunk.c:660:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errtxt, "readyChunk()read_chunk src %x node %d len %d ff %d buffer %d\n",
data/pvm-3.4.6/src/mppchunk.c:800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logtxt[64];
data/pvm-3.4.6/src/mppchunk.c:806:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logtxt," inplaceRecv(): bad mid (%d)\n", cc);
data/pvm-3.4.6/src/mppchunk.c:816:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(logtxt,"inplaceRecv(): error on msgdone (%d)\n", cc);
data/pvm-3.4.6/src/mppmsg.c:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errtxt[64];
data/pvm-3.4.6/src/mppmsg.c:841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullmsg[TDFRAGHDR+MSGHDRLEN];
data/pvm-3.4.6/src/mppmsg.c:884:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmmyupid = atoi(p);
data/pvm-3.4.6/src/nmdclass.c:101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[1024]; /* scratch for error log */
data/pvm-3.4.6/src/nmdclass.c:279:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "%4d: 0x%08x\n", ep->ni_ind, ep->ni_data);
data/pvm-3.4.6/src/pmsg.c:840:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/pvm-3.4.6/src/pmsg.c:861:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/pvm-3.4.6/src/pmsg.c:884:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pvm-3.4.6/src/pmsg.c:924:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/pvm-3.4.6/src/pmsg.c:947:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pvm-3.4.6/src/pmsg.c:977:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pvm-3.4.6/src/pmsg.c:1004:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pvm-3.4.6/src/pmsg.c:1060:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/pvm-3.4.6/src/pmsg.c:1081:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/pvm-3.4.6/src/pmsg.c:1104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pvm-3.4.6/src/pmsg.c:1144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/pvm-3.4.6/src/pmsg.c:1167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pvm-3.4.6/src/pmsg.c:1194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/pvm-3.4.6/src/pmsg.c:1221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/pvm-3.4.6/src/pvmcruft.c:678:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (int)atoi(p);
data/pvm-3.4.6/src/pvmcruft.c:709:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/pvm-3.4.6/src/pvmcruft.c:713:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.%d.%d.%d:%d",
data/pvm-3.4.6/src/pvmcruft.c:732:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/pvm-3.4.6/src/pvmcruft.c:736:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%08x:%04x", a, 0xffff & (int)ntohs(sad->sin_port));
data/pvm-3.4.6/src/pvmcruft.c:750:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char scratch[255];
data/pvm-3.4.6/src/pvmcruft.c:1030:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[255];
data/pvm-3.4.6/src/pvmcruft.c:1032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hna[128];
data/pvm-3.4.6/src/pvmcruft.c:1251:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/pvm-3.4.6/src/pvmcruft.c:1262:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", tag);
data/pvm-3.4.6/src/pvmcruft.c:1297:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/pvm-3.4.6/src/pvmd.c:956:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/pvmd.c:963:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0);
data/pvm-3.4.6/src/pvmd.c:964:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0);
data/pvm-3.4.6/src/pvmd.c:965:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0);
data/pvm-3.4.6/src/pvmd.c:1115:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvm_max_ntasks = atoi(p);
data/pvm-3.4.6/src/pvmd.c:1137:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((i = open("/dev/tty", O_RDWR, 0)) != -1) {
data/pvm-3.4.6/src/pvmd.c:1266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[256];
data/pvm-3.4.6/src/pvmd.c:1335:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/pvm-3.4.6/src/pvmd.c:1524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[DDFRAGHDR];
data/pvm-3.4.6/src/pvmd.c:1731:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char retbuf[32];
data/pvm-3.4.6/src/pvmd.c:1749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[5];
data/pvm-3.4.6/src/pvmd.c:1828:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DDFRAGHDR];
data/pvm-3.4.6/src/pvmd.c:2235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[DDFRAGHDR];
data/pvm-3.4.6/src/pvmd.c:3565:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4000];
data/pvm-3.4.6/src/pvmd.c:3864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pvm-3.4.6/src/pvmd.c:3911:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(path,".exe"); /* no *.cmd !!! */
data/pvm-3.4.6/src/pvmd.c:3948:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PVMEPID=%d", nextfakepid);
data/pvm-3.4.6/src/pvmd.c:4029:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "PVMEPID=%d", getpid());
data/pvm-3.4.6/src/pvmd.c:4177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/pvm-3.4.6/src/pvmd.c:4180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[128];
data/pvm-3.4.6/src/pvmd.c:4195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixedargv[256];
data/pvm-3.4.6/src/pvmd.c:4317:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(expected_pid, "PVMEPID=%d", nextfakepid);
data/pvm-3.4.6/src/pvmd.c:4817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errortxt[128];
data/pvm-3.4.6/src/pvmd.c:4865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/src/pvmd.c:4889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spath[PVMTMPNAMLEN]; /* local socket path */
data/pvm-3.4.6/src/pvmd.c:4908:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpp = (p) ? atoi(p) : 0;
data/pvm-3.4.6/src/pvmd.c:5098:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((d = open(sfn, O_CREAT|O_EXCL|O_WRONLY|O_TRUNC, 0600)) == -1) {
data/pvm-3.4.6/src/pvmd.c:5456:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0);
data/pvm-3.4.6/src/pvmd.c:5457:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_WRONLY, 0);
data/pvm-3.4.6/src/pvmd.c:5524:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mh = atoi(argv[1]);
data/pvm-3.4.6/src/pvmd.c:5525:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lh = atoi(argv[4]);
data/pvm-3.4.6/src/pvmd.c:5535:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hp->hd_mtu = atoi(argv[3]);
data/pvm-3.4.6/src/pvmd.c:5597:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_RDONLY, 0);
data/pvm-3.4.6/src/pvmd.c:5598:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(void)open("/dev/null", O_WRONLY, 0);
data/pvm-3.4.6/src/pvmdshmem.c:309:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/pvmdshmem.c:375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[32];
data/pvm-3.4.6/src/pvmdshmem.c:385:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open( fname, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 )) < 0) {
data/pvm-3.4.6/src/pvmdshmem.c:479:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_free() t%x\n", tid);
data/pvm-3.4.6/src/pvmdshmem.c:542:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn() assigning pidtid[%d] to t%x\n",
data/pvm-3.4.6/src/pvmdshmem.c:547:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_conn() new task t%x\n", tp->t_tid);
data/pvm-3.4.6/src/pvmdshmem.c:604:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_input() can't connect to sender t%x\n", sdr);
data/pvm-3.4.6/src/pvmdshmem.c:655:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_input() from unknown task t%x\n", src);
data/pvm-3.4.6/src/pvmdshmem.c:721:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/pvmdshmem.c:816:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "mpp_probe() pkt from t%x to t%x scrapped",
data/pvm-3.4.6/src/pvmdshmem.c:869:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "shmctl id=0x%x", pp->p_shmid);
data/pvm-3.4.6/src/pvmdshmem.c:877:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "semctl id=0x%x", pp->p_semid);
data/pvm-3.4.6/src/pvmdshmem.c:929:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt + strlen(pvmtxt), " node %d\n", pidtids[i].pt_node);
data/pvm-3.4.6/src/pvmdunix.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[64];
data/pvm-3.4.6/src/pvmlog.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/pvm-3.4.6/src/pvmlog.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hna[128];
data/pvm-3.4.6/src/pvmlog.c:344:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((log_fd = open(buf,
data/pvm-3.4.6/src/pvmlog.c:351:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmdlogmax = atoi(p);
data/pvm-3.4.6/src/pvmlog.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vtmp[1024];
data/pvm-3.4.6/src/pvmlog.c:488:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char em[16];
data/pvm-3.4.6/src/pvmlog.c:508:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(em,"%d",error_nr);
data/pvm-3.4.6/src/pvmlog.c:533:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/pvm-3.4.6/src/pvmlog.c:574:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[t%x] %02d/%02d %02d:%02d:%02d ", pvmmytid,
data/pvm-3.4.6/src/pvmlog.c:581:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[pvmd pid%d] %02d/%02d %02d:%02d:%02d ", pvmmyupid,
data/pvm-3.4.6/src/pvmlog.c:590:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[t%x] ", pvmmytid);
data/pvm-3.4.6/src/pvmlog.c:592:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "[pvmd pid%d] ", pvmmyupid);
data/pvm-3.4.6/src/pvmshmem.c:224:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pvmtxt[512]; /* scratch for error log */
data/pvm-3.4.6/src/pvmshmem.c:271:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "msgbufinit() outmsgbuf=0x%x\n", outmsgbuf);
data/pvm-3.4.6/src/pvmshmem.c:273:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "msgbufinit() last buffer=0x%x\n", p - pvmpgsz);
data/pvm-3.4.6/src/pvmshmem.c:275:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "msgbufinit() pvmpgsz=%d\n", pvmpgsz);
data/pvm-3.4.6/src/pvmshmem.c:299:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "da_new() len = %d: frag must fit in a page\n", len);
data/pvm-3.4.6/src/pvmshmem.c:380:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "ref = %d on page %d\n",
data/pvm-3.4.6/src/pvmshmem.c:427:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_conn() t%x has exited?\n", tid);
data/pvm-3.4.6/src/pvmshmem.c:434:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_conn() to t%x got pp addr %lx\n",
data/pvm-3.4.6/src/pvmshmem.c:487:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_conn() could not find t%x in daemon list\n", tid);
data/pvm-3.4.6/src/pvmshmem.c:496:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_conn() shmget t%x key 0x%x", tid, key);
data/pvm-3.4.6/src/pvmshmem.c:501:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_conn() shmat to t%x using bufid %d\n",
data/pvm-3.4.6/src/pvmshmem.c:553:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_wake() semget t%x key 0x%x\n",
data/pvm-3.4.6/src/pvmshmem.c:562:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_wake() semop t%x\n", pp->p_tid);
data/pvm-3.4.6/src/pvmshmem.c:566:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"peer_wake() sem %d\n", pp->p_semid);
data/pvm-3.4.6/src/pvmshmem.c:630:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "peer_dump() shmctl STAT %d", pp->p_shmid);
data/pvm-3.4.6/src/pvmshmem.c:632:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/pvmshmem.c:638:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,
data/pvm-3.4.6/src/pvmshmem.c:677:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmd_key = atoi(p);
data/pvm-3.4.6/src/pvmshmem.c:693:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "pvmshmkey(): shm/sem key is 0x%x\n", k);
data/pvm-3.4.6/src/pvmshmem.c:701:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "pvmshmkey(): pvmd shm/sem key is 0x%x\n", k);
data/pvm-3.4.6/src/pvmshmem.c:726:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "nextpvmshmkey() shm/sem key is 0x%x\n", pid);
data/pvm-3.4.6/src/pvmshmem.c:772:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"acquire_lock(): acquired %#x after %d/%d polls\n",
data/pvm-3.4.6/src/pvmshmem.c:775:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt,"acquire_lock(): acquired %#x\n", ip);
data/pvm-3.4.6/src/pvmshmem.c:819:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "Touching block at addr 0x%x (%d bytes)\n",
data/pvm-3.4.6/src/pvmshmem.c:866:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "shm_search(): shmat() failed attach at %#x\n", i);
data/pvm-3.4.6/src/pvmshmem.c:875:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "shm_search(): shmat() failed attach at %#x\n", i);
data/pvm-3.4.6/src/pvmshmem.c:886:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pvmtxt, "shm_search(): shmat attached to addr %x\n",
data/pvm-3.4.6/src/pvmshmem.h:288:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct pvmspplock_s { char lock [64]; } pvmspplock_t;
data/pvm-3.4.6/src/pvmshmmsg.c:659:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pvmd_key = atoi(p);
data/pvm-3.4.6/src/pvmwin.c:53:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char token[16];
data/pvm-3.4.6/src/pvmwin.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[64];
data/pvm-3.4.6/src/pvmwin.c:588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myuser[64];
data/pvm-3.4.6/src/regex/regex.c:56:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#ifndef bcopy
data/pvm-3.4.6/src/regex/regex.c:57:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(s, d, n) memcpy ((d), (s), (n))
data/pvm-3.4.6/src/regex/regex.c:57:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(s, d, n) memcpy ((d), (s), (n))
data/pvm-3.4.6/src/regex/regex.c:91:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char re_syntax_table[CHAR_SET_SIZE];
data/pvm-3.4.6/src/regex/regex.c:212:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (source, destination, osize), \
data/pvm-3.4.6/src/regex/regex.c:1440:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CHAR_CLASS_MAX_LENGTH + 1];
data/pvm-3.4.6/src/regex/regex.c:2221:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
range_start = ((unsigned char *) p)[-2];
data/pvm-3.4.6/src/regex/regex.c:2222:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
range_end = ((unsigned char *) p)[0];
data/pvm-3.4.6/src/regex/regex.c:4688:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (char *) re_error_msg[(int) ret];
data/pvm-3.4.6/src/task.c:669:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/pvm-3.4.6/src/tdpro.c:541:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authfn[PVMTMPNAMLEN]; /* t-auth file name */
data/pvm-3.4.6/src/tdpro.c:579:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((d = open(authfn, O_WRONLY, 0)) == -1) {
data/pvm-3.4.6/src/tdpro.c:594:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tp->t_authfd = open(tp->t_authnam, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600)) == -1)
data/pvm-3.4.6/src/tdpro.c:2425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/pvm-3.4.6/src/tev.c:464:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( (cc = PACK_STRING( ((char **) datap)[i] )) )
data/pvm-3.4.6/src/tev.c:708:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( (cc = PACK_STRING( ((char **) datap)[i] )) )
data/pvm-3.4.6/src/tev.c:1064:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *event_names[ TEV_MAX - TEV_FIRST + 1 ];
data/pvm-3.4.6/tasker/tasker.c:68:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define BCOPY(s,d,n) memcpy(d,s,n)
data/pvm-3.4.6/tasker/tasker.c:73:25: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define BCOPY(s,d,n) bcopy(s,d,n)
data/pvm-3.4.6/tasker/tasker.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/pvm-3.4.6/tasker/tasker.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/pvm-3.4.6/tracer/cmd.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[255];
data/pvm-3.4.6/tracer/cmd.c:193:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nbytes = atoi( av[1] );
data/pvm-3.4.6/tracer/tracer.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/pvm-3.4.6/tracer/tracer.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[128];
data/pvm-3.4.6/tracer/tracer.c:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/tracer.c:376:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TRACE_BUF = atoi( argv[k++] );
data/pvm-3.4.6/tracer/tracer.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[1024];
data/pvm-3.4.6/tracer/tracer.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pvstr[255];
data/pvm-3.4.6/tracer/tracer.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/pvm-3.4.6/tracer/tracer.c:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *av[2];
data/pvm-3.4.6/tracer/tracer.h:106:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fopen();
data/pvm-3.4.6/tracer/trccompat.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char where[4096];
data/pvm-3.4.6/tracer/trccompat.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4096];
data/pvm-3.4.6/tracer/trccompat.c:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[255];
data/pvm-3.4.6/tracer/trccompat.c:574:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/pvm-3.4.6/tracer/trccompat.c:748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trccompat.c:822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[4096];
data/pvm-3.4.6/tracer/trccompat.c:823:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/pvm-3.4.6/tracer/trccompat.c:824:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/pvm-3.4.6/tracer/trccompat.c:908:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, " %d", ival );
data/pvm-3.4.6/tracer/trccompat.c:920:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, " %d", ival );
data/pvm-3.4.6/tracer/trccompat.c:935:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, " %d (Unknown Error)",
data/pvm-3.4.6/tracer/trccompat.c:961:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, " %d (Unknown Error)",
data/pvm-3.4.6/tracer/trccompat.c:967:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, " 0x%x", ival );
data/pvm-3.4.6/tracer/trccompat.c:978:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, " 0x%x", ival );
data/pvm-3.4.6/tracer/trccompat.c:999:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%%%c", *fmt );
data/pvm-3.4.6/tracer/trccompat.c:1021:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%c", *fmt++ );
data/pvm-3.4.6/tracer/trccompatglob.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *TRC_OLD_TRACE_DESCRIPTORS[TRC_OLD_TRACE_MAX] =
data/pvm-3.4.6/tracer/trccompatglob.c:2415:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *TRC_OLD_TEV_TRACE_NAMES[TRC_OLD_TRACE_MAX] =
data/pvm-3.4.6/tracer/trccompatrev.h:124:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char Pvmtmask[TEV_MASK_LENGTH];
data/pvm-3.4.6/tracer/trcfile.c:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/pvm-3.4.6/tracer/trcfile.c:974:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upk_byte[TRC_MAX_UNPACK_ARR_SIZE];
data/pvm-3.4.6/tracer/trcfile.c:980:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upk_str[TRC_MAX_UNPACK_ARR_SIZE];
data/pvm-3.4.6/tracer/trcfile.c:984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/pvm-3.4.6/tracer/trcfile.c:1498:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upk_str[TRC_MAX_UNPACK_ARR_SIZE];
data/pvm-3.4.6/tracer/trcfile.c:1912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4096];
data/pvm-3.4.6/tracer/trcfile.c:2137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trcfile.c:2291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4096];
data/pvm-3.4.6/tracer/trcfile.c:2427:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[4096];
data/pvm-3.4.6/tracer/trcfile.c:2733:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( tmp, "/*" );
data/pvm-3.4.6/tracer/trcfile.c:2778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diddesc[1024];
data/pvm-3.4.6/tracer/trcfile.c:2779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtstr[255];
data/pvm-3.4.6/tracer/trcfile.c:2780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char did[8];
data/pvm-3.4.6/tracer/trcfile.c:3086:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_str[TRC_MAX_UNPACK_ARR_SIZE];
data/pvm-3.4.6/tracer/trcfile.c:3554:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trclib.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *TRC_TYPE_STRS[16] =
data/pvm-3.4.6/tracer/trclib.h:228:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *TRC_TYPE_STRS[16];
data/pvm-3.4.6/tracer/trcmess.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diddesc[1024];
data/pvm-3.4.6/tracer/trcmess.c:392:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trcmess.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char did[8];
data/pvm-3.4.6/tracer/trcmess.c:796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/pvm-3.4.6/tracer/trcmess.c:797:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[255];
data/pvm-3.4.6/tracer/trcmess.c:850:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "GOTEOF\n" );
data/pvm-3.4.6/tracer/trcmess.c:887:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "GOTSPAWN\n" );
data/pvm-3.4.6/tracer/trcmess.c:922:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "CREATION\n" );
data/pvm-3.4.6/tracer/trcsort.c:81:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
/* TMPFILE */ struct tmpfile_struct *tmpfile;
data/pvm-3.4.6/tracer/trcsort.c:145:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DIRNAME[255];
data/pvm-3.4.6/tracer/trcsort.c:466:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trcsort.c:583:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( DIRNAME, "tmpsort.%d", (int) getpid() );
data/pvm-3.4.6/tracer/trcsort.c:633:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ID->trace_in = fopen( TRACE_INFILE, "r" );
data/pvm-3.4.6/tracer/trcsort.c:643:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( TRACE_OUTFILE, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 );
data/pvm-3.4.6/tracer/trcsort.c:746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[255];
data/pvm-3.4.6/tracer/trcsort.c:895:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ( FPB->tmpfile != NULL )
data/pvm-3.4.6/tracer/trcsort.c:905:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ( FPB->tmpfile != NULL )
data/pvm-3.4.6/tracer/trcsort.c:1013:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( TF->fname, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 );
data/pvm-3.4.6/tracer/trcsort.c:1023:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( TF->fname,
data/pvm-3.4.6/tracer/trcsort.c:1033:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FPB->fp = fopen( TF->fname, rwstr );
data/pvm-3.4.6/tracer/trcutil.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hname[1024];
data/pvm-3.4.6/tracer/trcutil.c:222:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( ID->trace_file, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 );
data/pvm-3.4.6/tracer/trcutil.c:328:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( ID->output_file, O_RDWR|O_CREAT|O_EXCL|O_TRUNC, 0600 );
data/pvm-3.4.6/tracer/trcutil.c:358:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt[64];
data/pvm-3.4.6/tracer/trcutil.c:426:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( fmt, " %%c %%-%ds%%c", width );
data/pvm-3.4.6/tracer/trcutil.c:1217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char event_str[2048];
data/pvm-3.4.6/tracer/trcutil.c:1218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2048];
data/pvm-3.4.6/tracer/trcutil.c:1310:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%f, ",
data/pvm-3.4.6/tracer/trcutil.c:1317:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%f",
data/pvm-3.4.6/tracer/trcutil.c:1341:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%lf, ",
data/pvm-3.4.6/tracer/trcutil.c:1348:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%lf",
data/pvm-3.4.6/tracer/trcutil.c:1371:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%d, ",
data/pvm-3.4.6/tracer/trcutil.c:1378:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%d",
data/pvm-3.4.6/tracer/trcutil.c:1401:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%u, ",
data/pvm-3.4.6/tracer/trcutil.c:1408:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%u",
data/pvm-3.4.6/tracer/trcutil.c:1432:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%ld, ",
data/pvm-3.4.6/tracer/trcutil.c:1439:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%ld",
data/pvm-3.4.6/tracer/trcutil.c:1462:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%d, ",
data/pvm-3.4.6/tracer/trcutil.c:1469:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%d",
data/pvm-3.4.6/tracer/trcutil.c:1492:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%d, ",
data/pvm-3.4.6/tracer/trcutil.c:1499:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%d",
data/pvm-3.4.6/tracer/trcutil.c:1547:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "<DT Not Impl>" );
data/pvm-3.4.6/tracer/trcutil.c:1554:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "<DT Unknown>" );
data/pvm-3.4.6/tracer/trcutil.c:1562:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, ", " );
data/pvm-3.4.6/tracer/trcutil.c:2803:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trcutil.c:2804:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[1024];
data/pvm-3.4.6/tracer/trcutil.c:2856:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "0x%x", tid );
data/pvm-3.4.6/tracer/trcutil.c:2903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[255];
data/pvm-3.4.6/tracer/trcutil.c:2957:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( (char *) (result + (maxlen - 4)), "..." );
data/pvm-3.4.6/tracer/trcutil.c:3006:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/pvm-3.4.6/tracer/trcutil.c:3015:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tmp, "%ld", num );
data/pvm-3.4.6/tracer/trcutil.c:3029:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( (char *) (str + nz), "%ld", num );
data/pvm-3.4.6/xdr/xdr.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char xdr_zero[BYTES_PER_XDR_UNIT] = { 0, 0, 0, 0 };
data/pvm-3.4.6/xdr/xdr_mem.c:55:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(a,b,c) memcpy(a,b,c)
data/pvm-3.4.6/xdr/xdr_mem.c:55:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(a,b,c) memcpy(a,b,c)
data/pvm-3.4.6/xdr/xdr_mem.c:140:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(xdrs->x_private, addr, len);
data/pvm-3.4.6/xdr/xdr_mem.c:154:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(addr, xdrs->x_private, len);
data/pvm-3.4.6/xep/mmain.c:77:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wd = atoi(argv[1]);
data/pvm-3.4.6/xep/mmain.c:78:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ht = atoi(argv[2]);
data/pvm-3.4.6/xep/mmain.c:127:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((d = open(dfn, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0666)) == -1) {
data/pvm-3.4.6/xep/xep.c:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/pvm-3.4.6/xep/xep.c:665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/pvm-3.4.6/xep/xep.c:672:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", nh);
data/pvm-3.4.6/xep/xep.c:675:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", nworkers);
data/pvm-3.4.6/console/cmds.c:816:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result2 );
data/pvm-3.4.6/console/cmds.c:824:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result );
data/pvm-3.4.6/console/cmds.c:839:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result2 );
data/pvm-3.4.6/console/cmds.c:1006:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result );
data/pvm-3.4.6/console/cmds.c:1102:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result );
data/pvm-3.4.6/console/cmds.c:1211:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result );
data/pvm-3.4.6/console/cmds.c:1215:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( result );
data/pvm-3.4.6/console/cmds.c:1240:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen( name );
data/pvm-3.4.6/console/cmds.c:1251:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( *ptr != '\0' && strlen( ptr ) >= nlen )
data/pvm-3.4.6/console/cmds.c:1263:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( *ptr != '\0' && strlen( ptr ) >= 9 )
data/pvm-3.4.6/console/cmds.c:1702:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(topic);
data/pvm-3.4.6/console/cmds.c:1713:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(csp->cmd);
data/pvm-3.4.6/console/cmds.c:2032:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(av[i]) + 1;
data/pvm-3.4.6/console/cmds.c:2035:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "=");
data/pvm-3.4.6/console/cmds.c:2363:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ",");
data/pvm-3.4.6/console/cmds.c:2368:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = 0;
data/pvm-3.4.6/console/cons.c:513:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read(0, cmd, sizeof(cmd)-1)) < 1) {
data/pvm-3.4.6/console/cons.c:828:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( text );
data/pvm-3.4.6/console/myalloc.h:77:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/examples/gmbi.c:109:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( pattern, "*" );
data/pvm-3.4.6/examples/hello_other.c:52:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gethostname(buf + strlen(buf), 64);
data/pvm-3.4.6/examples/mbox.c:520:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( pattern, "*" );
data/pvm-3.4.6/examples/mhf_tickle.c:103:26: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( c != '\n' ) c = getchar( ); /* eat the remaining chars on the line */
data/pvm-3.4.6/examples/mhf_tickle.c:132:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ( ( c = getchar( ) ) != '\n' ) && ( i < ( max_len - 1 ) ) )
data/pvm-3.4.6/examples/mhf_tickle.c:363:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( ( ( c = getchar( ) ) != '\n' ) && ( i < ( max_len - 1 ) ) )
data/pvm-3.4.6/examples/task0.c:109:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( flagc, "d" );
data/pvm-3.4.6/examples/task1.c:115:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( flagc, "d" );
data/pvm-3.4.6/hoster/hoster.c:94:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/hoster/hoster.c:599:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sp->s_efd, sp->s_ebuf + sp->s_elen,
data/pvm-3.4.6/hoster/hoster.c:659:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sp->s_rfd, sp->s_buf + sp->s_len,
data/pvm-3.4.6/hoster/hoster.c:834:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf) - 1;
data/pvm-3.4.6/hoster/hoster.c:1015:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->s_hst->h_vmid, strlen(sp->s_hst->h_vmid));
data/pvm-3.4.6/hoster/hoster.c:1019:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(sp->s_wfd, sp->s_hst->h_vmid, strlen(sp->s_hst->h_vmid));
data/pvm-3.4.6/hoster/pvmwinrexec.c:103:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (password, '\0', strlen(password));
data/pvm-3.4.6/hoster/pvmwinrexec.c:441:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return win32_write_socket(sIO, str, strlen(str)+1);
data/pvm-3.4.6/hoster/pvmwinrsh.c:110:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buff,"");
data/pvm-3.4.6/hoster/pvmwinrsh.c:119:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff)>=66) return 1;
data/pvm-3.4.6/hoster/pvmwinrsh.c:232:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdbufflen=strlen(cmdbuff)+1;
data/pvm-3.4.6/hoster/pvmwinrsh.c:235:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdbufflen+=strlen(luserName)+1;
data/pvm-3.4.6/hoster/pvmwinrsh.c:238:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdbufflen+=strlen(ruserName)+1;
data/pvm-3.4.6/hoster/pvmwinrsh.c:241:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmdbufflen+=strlen(cmd)+1;
data/pvm-3.4.6/libfpvm/WIN32/Pvmfperror.c:51:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p_ptr, p_len);
data/pvm-3.4.6/libfpvm/WIN32/Pvmfstartpvmd.c:49:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( nargs, args_ptr, args_len );
data/pvm-3.4.6/libfpvm/WIN32/Pvmfstartpvmd.c:79:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( av[ac], beg, len ); /* copy word to arg vector */
data/pvm-3.4.6/libfpvm/WIN32/ftocstr.c:26:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ds, ss, min(sl, dl));
data/pvm-3.4.6/libfpvm/WIN32/ftocstr.c:36:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(ss);
data/pvm-3.4.6/libfpvm/ftocstr.c:58:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(ds, ss, min(sl, dl));
data/pvm-3.4.6/libfpvm/ftocstr.c:68:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = strlen(ss);
data/pvm-3.4.6/misc/pvm_fork.c:69:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(pfd[0], (char *)&tid, sizeof(tid)) != sizeof(tid))
data/pvm-3.4.6/misc/xhoster/myalloc.h:66:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/misc/xhoster/xhoster.c:58:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/misc/xhoster/xhoster.c:391:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TextAppend(logWindow, s, strlen(s));
data/pvm-3.4.6/misc/xhoster/xhoster.c:392:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] != '\n')
data/pvm-3.4.6/misc/xhoster/xhoster.c:877:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sp->s_efd, sp->s_ebuf + sp->s_elen,
data/pvm-3.4.6/misc/xhoster/xhoster.c:918:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sp->s_rfd, sp->s_buf + sp->s_len,
data/pvm-3.4.6/misc/xhoster/xhoster.c:1042:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf) - 1;
data/pvm-3.4.6/pvmgs/pvmgs_func.c:136:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *) PVM_ALLOC(sizeof(char)*(strlen(groupname)+1), GSNAME))
data/pvm-3.4.6/pvmgs/pvmgs_func.c:146:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rvalue->len = strlen(groupname);
data/pvm-3.4.6/shmd/sem.c:31:39: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
for(;(semid=semget(k, n, 0)) == -1;) usleep (1000);
data/pvm-3.4.6/shmd/sendrecv.c:458:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (stime);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:575:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:576:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/AIX4SP2/pvmdmimd.c:576:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:572:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:573:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/AIX5SP2/pvmdmimd.c:573:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:207:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (q = CINDEX(p, ':')) ? q - p : strlen(p);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:227:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (q = CINDEX(p, ':')) ? q - p : strlen(p);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:234:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nname, p, n);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:519:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:520:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/BEOLIN/pvmdmimd.c:520:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/OS2/src/os2spawn.c:20:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(*s) { if(strncmp(*s,idstr,strlen(idstr)))*d++=*s;
data/pvm-3.4.6/src/OS2/src/rexec.c:71:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((*ahost = savename), hp->h_name, sizeof(savename) -1);
data/pvm-3.4.6/src/OS2/src/rexec.c:115:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) write(s, num, strlen(num)+1);
data/pvm-3.4.6/src/OS2/src/rexec.c:127:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) write(s, name, strlen(name) + 1);
data/pvm-3.4.6/src/OS2/src/rexec.c:129:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) write(s, pass, strlen(pass) + 1);
data/pvm-3.4.6/src/OS2/src/rexec.c:130:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) write(s, cmd, strlen(cmd) + 1);
data/pvm-3.4.6/src/OS2/src/rexec.c:131:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(s, &c, 1) != 1) {
data/pvm-3.4.6/src/OS2/src/rexec.c:136:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(s, &c, 1) == 1) {
data/pvm-3.4.6/src/OS2/src/ruserpas.c:49:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, host, sizeof(name) - 1);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:52:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,hp->h_name, sizeof(name) - 1);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:65:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(2, namebuf, sizeof (namebuf)) <= 0) {
data/pvm-3.4.6/src/OS2/src/ruserpas.c:100:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*aname, cp, comma - cp);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:105:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = (char *)malloc(strlen(comma)+1);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:207:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*aname = (char*)malloc(strlen(tokval) + 1);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:224:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*apass = malloc(strlen(tokval) + 1);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:254:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#undef getc
data/pvm-3.4.6/src/OS2/src/ruserpas.c:255:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define getc getc_unlocked
data/pvm-3.4.6/src/OS2/src/ruserpas.c:258:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF &&
data/pvm-3.4.6/src/OS2/src/ruserpas.c:265:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF && c != '"') {
data/pvm-3.4.6/src/OS2/src/ruserpas.c:267:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(cfile);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:272:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = getc(cfile)) != EOF
data/pvm-3.4.6/src/OS2/src/ruserpas.c:275:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(cfile);
data/pvm-3.4.6/src/OS2/src/ruserpas.c:337:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(result,"$");
data/pvm-3.4.6/src/OS2/src/ruserpas.c:822:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(sfrom);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:603:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/PGON/pvmdmimd.c:605:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/PGON/pvmdmimd.c:605:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:575:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:576:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/SP2MPI/pvmdmimd.c:576:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)strncat(path, name, sizeof(path) - strlen(path) - 1);
data/pvm-3.4.6/src/ddpro.c:1042:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hp->hd_login)
data/pvm-3.4.6/src/ddpro.c:1043:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen((hp->hd_aname ? hp->hd_aname : hp->hd_name))
data/pvm-3.4.6/src/ddpro.c:1056:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( (hp->hd_dpath ? hp->hd_dpath : pvmdpath) ) + 1
data/pvm-3.4.6/src/ddpro.c:1057:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen( (hp->hd_sopts && !strcmp(hp->hd_sopts, "ms")
data/pvm-3.4.6/src/ddpro.c:1060:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 2 + strlen( hp->hd_name ) + 1
data/pvm-3.4.6/src/ddpro.c:1073:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)sprintf(buf + strlen(buf), " %d %s",
data/pvm-3.4.6/src/ddpro.c:1081:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( winpvmdpath ) + 1
data/pvm-3.4.6/src/ddpro.c:1082:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen( (hp->hd_sopts && !strcmp(hp->hd_sopts, "ms")
data/pvm-3.4.6/src/ddpro.c:1085:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 2 + strlen( hp->hd_name ) + 1
data/pvm-3.4.6/src/ddpro.c:1098:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)sprintf(buf + strlen(buf), " %d %s",
data/pvm-3.4.6/src/ddpro.c:1485:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("PVMSPAWNWD=") ) )
data/pvm-3.4.6/src/ddpro.c:1486:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wd = STRALLOC( wxp->w_env[i] + strlen("PVMSPAWNWD=") );
data/pvm-3.4.6/src/ddpro.c:2710:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf2);
data/pvm-3.4.6/src/hoster.c:643:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sp->s_efd, sp->s_ebuf + sp->s_elen,
data/pvm-3.4.6/src/hoster.c:681:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(sp->s_rfd, sp->s_buf + sp->s_len,
data/pvm-3.4.6/src/hoster.c:824:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf) - 1;
data/pvm-3.4.6/src/hoster.c:957:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp->s_hst->h_vmid, strlen(sp->s_hst->h_vmid));
data/pvm-3.4.6/src/hoster.c:961:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(sp->s_wfd, sp->s_hst->h_vmid, strlen(sp->s_hst->h_vmid));
data/pvm-3.4.6/src/imalloc.c:117:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SWRITE(fd,s) write((fd),(s),strlen(s))
data/pvm-3.4.6/src/imalloc.c:258:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ob->tag, tag, 4);
data/pvm-3.4.6/src/imalloc.c:540:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tagstr, ob->tag, 4);
data/pvm-3.4.6/src/imalloc.c:548:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = msbuf + strlen(msbuf);
data/pvm-3.4.6/src/lpvm.c:1608:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(pcbp->tt_fd, fp->fr_dat + fp->fr_len, n);
data/pvm-3.4.6/src/lpvm.c:2853:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(d, buf, sizeof(buf));
data/pvm-3.4.6/src/lpvm.c:3160:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cc = read(authfd, (char*)&cc, 1)) == -1) {
data/pvm-3.4.6/src/lpvm.c:3261:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(p) + 1 == TEV_MASK_LENGTH )
data/pvm-3.4.6/src/lpvm.c:3388:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(tmask) + 1 == TEV_MASK_LENGTH ) {
data/pvm-3.4.6/src/lpvm.c:3605:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cmd,"");
data/pvm-3.4.6/src/lpvm.c:3609:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd," ");
data/pvm-3.4.6/src/lpvm.c:3702:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(buf);
data/pvm-3.4.6/src/lpvm.c:3709:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf + n) < 2) {
data/pvm-3.4.6/src/lpvm.c:3713:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(buf);
data/pvm-3.4.6/src/lpvmgen.c:831:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newline = (fmt[strlen(fmt) - 1] == '\n') ? 1 : 0;
data/pvm-3.4.6/src/lpvmgen.c:950:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, f, sizeof(buf)-4);
data/pvm-3.4.6/src/lpvmgen.c:1113:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + 1 == TEV_MASK_LENGTH)
data/pvm-3.4.6/src/lpvmgen.c:1220:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + 1 == TEV_MASK_LENGTH)
data/pvm-3.4.6/src/lpvmgen.c:3120:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (q = CINDEX(p, ':')) ? q - p : strlen(p);
data/pvm-3.4.6/src/lpvmgen.c:3121:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p, n);
data/pvm-3.4.6/src/lpvmgen.c:4807:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == l && !strncmp(name, p, l))
data/pvm-3.4.6/src/lpvmgen.c:4811:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = TALLOC(strlen(vn) + strlen(e) + strlen(name) + 3, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4811:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = TALLOC(strlen(vn) + strlen(e) + strlen(name) + 3, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4811:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = TALLOC(strlen(vn) + strlen(e) + strlen(name) + 3, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4813:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, "=");
data/pvm-3.4.6/src/lpvmgen.c:4816:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(p, ":");
data/pvm-3.4.6/src/lpvmgen.c:4821:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = TALLOC(strlen(vn) + strlen(name) + 2, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4821:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = TALLOC(strlen(vn) + strlen(name) + 2, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4823:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(e, "=");
data/pvm-3.4.6/src/lpvmgen.c:4858:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) == l && !strncmp(name, p, l)) {
data/pvm-3.4.6/src/lpvmgen.c:4863:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
enew = TALLOC(strlen(vn) + (p - e) + strlen(q) + 2, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4863:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
enew = TALLOC(strlen(vn) + (p - e) + strlen(q) + 2, char, "str");
data/pvm-3.4.6/src/lpvmgen.c:4865:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(enew, "=");
data/pvm-3.4.6/src/lpvmgen.c:4866:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(enew, e, p - e);
data/pvm-3.4.6/src/lpvmmimd.c:1143:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(dsock, frpvmd->fr_dat + frpvmd->fr_len, toread);
data/pvm-3.4.6/src/lpvmmimd.c:1279:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(dsock, pvminfo, SIZEHINFO*sizeof(int)) != SIZEHINFO*sizeof(int)) {
data/pvm-3.4.6/src/lpvmmimd.c:1472:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(p) + 1 == TEV_MASK_LENGTH )
data/pvm-3.4.6/src/lpvmmimd.c:1549:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(tmask) + 1 == TEV_MASK_LENGTH ) {
data/pvm-3.4.6/src/lpvmpack.c:1638:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(cp) + 1;
data/pvm-3.4.6/src/lpvmpack.c:1936:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cnt = strlen(cp) + 1;
data/pvm-3.4.6/src/lpvmshmem.c:642:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(d, buf, sizeof(buf));
data/pvm-3.4.6/src/lpvmshmem.c:1838:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(p) + 1 == TEV_MASK_LENGTH )
data/pvm-3.4.6/src/lpvmshmem.c:1921:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(tmask) + 1 == TEV_MASK_LENGTH ) {
data/pvm-3.4.6/src/lpvmshmem.c:2182:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(buf);
data/pvm-3.4.6/src/lpvmshmem.c:2189:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf + n) < 2) {
data/pvm-3.4.6/src/lpvmshmem.c:2193:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(buf);
data/pvm-3.4.6/src/lpvmshmem.c:2888:10: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
return( usleep( msecs ) );
data/pvm-3.4.6/src/mppmsg.c:663:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(dsock, frpvmd->fr_dat + frpvmd->fr_len, toread);
data/pvm-3.4.6/src/mppmsg.c:892:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| read(dsock, pvminfo, SIZEHINFO*sizeof(int)) != SIZEHINFO*sizeof(int)) {
data/pvm-3.4.6/src/pmsg.c:2075:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = strlen( pvmtevinfo[TEV_USER_DEFINED].name ) + 1;
data/pvm-3.4.6/src/pvmalloc.h:78:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/src/pvmcruft.c:772:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( buf ) >= PVMTMPNAMLEN ) {
data/pvm-3.4.6/src/pvmcruft.c:774:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pvmlogprintf("<%s> = %d >= %d", buf, strlen( buf ),
data/pvm-3.4.6/src/pvmcruft.c:819:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(pad) + 50;
data/pvm-3.4.6/src/pvmcruft.c:836:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(r);
data/pvm-3.4.6/src/pvmcruft.c:838:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(r, "\n");
data/pvm-3.4.6/src/pvmcruft.c:1013:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp = TALLOC(strlen(r) + strlen(PVMDFILE) + 2, char, "pvmdpath");
data/pvm-3.4.6/src/pvmcruft.c:1013:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp = TALLOC(strlen(r) + strlen(PVMDFILE) + 2, char, "pvmdpath");
data/pvm-3.4.6/src/pvmcruft.c:1076:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buf, "." );
data/pvm-3.4.6/src/pvmcruft.c:1304:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ",");
data/pvm-3.4.6/src/pvmd.c:1285:27: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (int)(input[i] = getc( stdin )) != (char) EOF
data/pvm-3.4.6/src/pvmd.c:1342:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ",");
data/pvm-3.4.6/src/pvmd.c:1346:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "0");
data/pvm-3.4.6/src/pvmd.c:3187:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(tp->t_sock, pp->pk_dat + pp->pk_len, n);
data/pvm-3.4.6/src/pvmd.c:3568:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(tp->t_out, buf, sizeof(buf) - 1);
data/pvm-3.4.6/src/pvmd.c:3888:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needed_size = strlen(*ep) + 1;
data/pvm-3.4.6/src/pvmd.c:3891:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needed_size += strlen(name);
data/pvm-3.4.6/src/pvmd.c:3908:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/pvmd.c:4056:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(path[0]) strcat(path,"/");
data/pvm-3.4.6/src/pvmd.c:4057:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path,name,sizeof(path)-strlen(path)-1);
data/pvm-3.4.6/src/pvmd.c:4057:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(path,name,sizeof(path)-strlen(path)-1);
data/pvm-3.4.6/src/pvmd.c:4299:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(path, "/");
data/pvm-3.4.6/src/pvmd.c:4301:9: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
(void)strncat(path, filename, /* Yuk */ 128 - strlen(path) - 1);
data/pvm-3.4.6/src/pvmd.c:4301:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)strncat(path, filename, /* Yuk */ 128 - strlen(path) - 1);
data/pvm-3.4.6/src/pvmd.c:4329:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fixedargv," ");
data/pvm-3.4.6/src/pvmd.c:4332:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fixedargv," ");
data/pvm-3.4.6/src/pvmd.c:4334:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fixedargv[strlen(fixedargv)-1]=0;
data/pvm-3.4.6/src/pvmd.c:4424:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i=strlen(n)-1;
data/pvm-3.4.6/src/pvmd.c:4426:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenapp= strlen(appendix)-1;
data/pvm-3.4.6/src/pvmd.c:5129:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = write(d, p, strlen(p));
data/pvm-3.4.6/src/pvmd.c:5138:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = win32_write_file(d,p,strlen(p));
data/pvm-3.4.6/src/pvmd.c:5141:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = write(e,p,strlen(p));
data/pvm-3.4.6/src/pvmd.c:5143:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cc != strlen(p)) {
data/pvm-3.4.6/src/pvmd.c:5251:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r + rl, s, l);
data/pvm-3.4.6/src/pvmd.c:5275:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(vv);
data/pvm-3.4.6/src/pvmd.c:5285:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r + rl, vv, l);
data/pvm-3.4.6/src/pvmd.c:5577:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void)read(0, (char*)&i, 1);
data/pvm-3.4.6/src/pvmdpack.c:230:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(s) + 1;
data/pvm-3.4.6/src/pvmdshmem.c:929:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(pvmtxt + strlen(pvmtxt), " node %d\n", pidtids[i].pt_node);
data/pvm-3.4.6/src/pvmdshmem.c:931:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pvmtxt, "\n");
data/pvm-3.4.6/src/pvmlog.c:340:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( buf, "." );
data/pvm-3.4.6/src/pvmlog.c:440:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(log_fd, toomuch, strlen(toomuch));
data/pvm-3.4.6/src/pvmlog.c:444:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
atnewline = (fmt[strlen(fmt) - 1] == '\n') ? 1 : 0;
data/pvm-3.4.6/src/pvmlog.c:532:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/pvm-3.4.6/src/pvmlog.c:595:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(buf);
data/pvm-3.4.6/src/pvmlog.c:599:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)write(log_fd, toomuch, strlen(toomuch));
data/pvm-3.4.6/src/regex/pvmregex.c:75:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( pattern ), pattbuff );
data/pvm-3.4.6/src/regex/pvmregex.c:99:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( str );
data/pvm-3.4.6/src/regex/regex.c:4685:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = regex_compile (s, (int) strlen(s), re_syntax_options, &re_comp_buf);
data/pvm-3.4.6/src/regex/regex.c:4696:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen (s);
data/pvm-3.4.6/src/regex/regex.c:4791:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = regex_compile (pattern, (int) strlen(pattern), syntax, preg);
data/pvm-3.4.6/src/regex/regex.c:4826:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen (string);
data/pvm-3.4.6/src/regex/regex.c:4905:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_size = strlen (msg) + 1; /* Includes the null. */
data/pvm-3.4.6/src/regex/regex.c:4911:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (errbuf, msg, errbuf_size - 1);
data/pvm-3.4.6/src/tdpro.c:698:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((cc = read(tp->t_authfd, &c, 1)) == -1) {
data/pvm-3.4.6/src/tdpro.c:1156:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(wd) + strlen("PVMSPAWNWD=") + 1;
data/pvm-3.4.6/src/tdpro.c:1156:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz = strlen(wd) + strlen("PVMSPAWNWD=") + 1;
data/pvm-3.4.6/src/tev.c:128:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( pvmtrctmp = strlen( _vp ) + 1, \
data/pvm-3.4.6/tasker/tasker.c:85:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
data/pvm-3.4.6/tracer/tracer.c:135:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/pvm-3.4.6/tracer/tracer.c:209:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (n = read(in, cmd, sizeof( cmd ) - 1 )) < 1 )
data/pvm-3.4.6/tracer/tracer.c:214:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( (n = read(0, cmd, sizeof( cmd ) - 1 )) < 1 )
data/pvm-3.4.6/tracer/tracer.c:344:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( argv[i] );
data/pvm-3.4.6/tracer/trccompat.c:212:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( name, "-" );
data/pvm-3.4.6/tracer/trccompat.c:1057:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF && c != '"'
data/pvm-3.4.6/tracer/trcfile.c:861:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(
data/pvm-3.4.6/tracer/trcfile.c:1381:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( (len = strlen( upk_str )) > maxlen )
data/pvm-3.4.6/tracer/trcfile.c:1841:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(
data/pvm-3.4.6/tracer/trcfile.c:1940:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
index = strlen( tmp );
data/pvm-3.4.6/tracer/trcfile.c:2407:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned) ( strlen( str ) + 1 ), str );
data/pvm-3.4.6/tracer/trcfile.c:2413:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned) ( strlen( str ) + 1 ), str );
data/pvm-3.4.6/tracer/trcfile.c:2446:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2474:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2510:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2622:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2650:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2722:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2819:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2837:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2856:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2881:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2915:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2925:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:2958:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2970:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:2984:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc( ID->trace_in );
data/pvm-3.4.6/tracer/trcfile.c:3198:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&& (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:3219:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:3471:19: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF
data/pvm-3.4.6/tracer/trcfile.c:3564:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( str );
data/pvm-3.4.6/tracer/trcfile.c:3573:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (c = getc( ID->trace_in )) != (char) EOF )
data/pvm-3.4.6/tracer/trcmess.c:853:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tid, tmp, strlen(tmp) );
data/pvm-3.4.6/tracer/trcmess.c:890:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tid, tmp, strlen(tmp) );
data/pvm-3.4.6/tracer/trcmess.c:925:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tid, tmp, strlen(tmp) );
data/pvm-3.4.6/tracer/trcsort.c:486:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( argv[i] );
data/pvm-3.4.6/tracer/trcutil.c:388:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( pvmtevinfo[i].name );
data/pvm-3.4.6/tracer/trcutil.c:554:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( str ) - 1;
data/pvm-3.4.6/tracer/trcutil.c:588:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( bump ) > i + 1 )
data/pvm-3.4.6/tracer/trcutil.c:614:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( bump ) > len + 1 )
data/pvm-3.4.6/tracer/trcutil.c:660:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( str ) - 1;
data/pvm-3.4.6/tracer/trcutil.c:2937:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rlen = strlen( result );
data/pvm-3.4.6/tracer/trcutil.c:2939:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = rlen + strlen( str ) + 1;
data/pvm-3.4.6/tracer/trcutil.c:3017:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nd = strlen( tmp );
data/pvm-3.4.6/tracer/trcutil.c:3041:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = (char *) malloc( (unsigned) (strlen(str) + 1)
data/pvm-3.4.6/xdr/xdr.c:530:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(sp);
data/pvm-3.4.6/xep/myalloc.h:68:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STRALLOC(s) strcpy(TALLOC(strlen(s)+1,char,"str"),s)
ANALYSIS SUMMARY:
Hits = 1499
Lines analyzed = 113367 in approximately 2.82 seconds (40249 lines/second)
Physical Source Lines of Code (SLOC) = 70270
Hits@level = [0] 1543 [1] 276 [2] 790 [3] 116 [4] 315 [5] 2
Hits@level+ = [0+] 3042 [1+] 1499 [2+] 1223 [3+] 433 [4+] 317 [5+] 2
Hits/KSLOC@level+ = [0+] 43.2902 [1+] 21.332 [2+] 17.4043 [3+] 6.16195 [4+] 4.51117 [5+] 0.0284616
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.