Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qrouter-1.4.71/point.h
Examining data/qrouter-1.4.71/mask.h
Examining data/qrouter-1.4.71/tclqrouter.c
Examining data/qrouter-1.4.71/def.h
Examining data/qrouter-1.4.71/output.h
Examining data/qrouter-1.4.71/node.c
Examining data/qrouter-1.4.71/node.h
Examining data/qrouter-1.4.71/graphics.c
Examining data/qrouter-1.4.71/qrouter.h
Examining data/qrouter-1.4.71/qrouter.c
Examining data/qrouter-1.4.71/qrouternullg.c
Examining data/qrouter-1.4.71/qconfig.c
Examining data/qrouter-1.4.71/output.c
Examining data/qrouter-1.4.71/point.c
Examining data/qrouter-1.4.71/tkSimple.c
Examining data/qrouter-1.4.71/graphics.h
Examining data/qrouter-1.4.71/qrouterexec.c
Examining data/qrouter-1.4.71/maze.c
Examining data/qrouter-1.4.71/main.c
Examining data/qrouter-1.4.71/mask.c
Examining data/qrouter-1.4.71/lef.h
Examining data/qrouter-1.4.71/delays.c
Examining data/qrouter-1.4.71/maze.h
Examining data/qrouter-1.4.71/qconfig.h
Examining data/qrouter-1.4.71/antenna.c
Examining data/qrouter-1.4.71/lef.c
Examining data/qrouter-1.4.71/tkSimple.h
Examining data/qrouter-1.4.71/def.c
FINAL RESULTS:
data/qrouter-1.4.71/def.c:861:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(instname, token);
data/qrouter-1.4.71/def.c:865:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(instname, token);
data/qrouter-1.4.71/def.c:869:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pinname, token);
data/qrouter-1.4.71/def.c:2008:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.def", inName);
data/qrouter-1.4.71/def.c:2010:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, inName);
data/qrouter-1.4.71/graphics.c:710:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(waitcmd, "tkwait visibility %s", qrouterdrawwin);
data/qrouter-1.4.71/lef.c:1349:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CIFLayer[cuttype], lefl->lefName);
data/qrouter-1.4.71/lef.c:2268:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newname, "%250s_%d", mname, suffix);
data/qrouter-1.4.71/lef.c:3530:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s.lef", inName);
data/qrouter-1.4.71/lef.c:3532:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, inName);
data/qrouter-1.4.71/lef.c:3598:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(vianame, "%s_0", token);
data/qrouter-1.4.71/lef.c:3761:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CIFLayer[lefl->type], lefl->lefName);
data/qrouter-1.4.71/output.c:288:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nodestr, "PIN/%s", g->gatename);
data/qrouter-1.4.71/output.c:293:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nodestr, "%s/%s", g->gatename, g->node[i]);
data/qrouter-1.4.71/output.c:2823:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(extfilename, "%s.def", DEFfilename);
data/qrouter-1.4.71/output.c:2841:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newDEFfile, filename);
data/qrouter-1.4.71/output.c:2857:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newDEFfile, filename);
data/qrouter-1.4.71/output.c:2925:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(lptr, "%s", netname);
data/qrouter-1.4.71/output.c:3053:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(lptr, "%s", netname);
data/qrouter-1.4.71/qconfig.c:238:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "%*s %s\n", sarg)) == 1) {
data/qrouter-1.4.71/qconfig.c:260:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "layer_%d_name %s", &iarg2, sarg)) == 2) {
data/qrouter-1.4.71/qconfig.c:262:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
OK = 1; strcpy(CIFLayer[iarg2 - 1], sarg);
data/qrouter-1.4.71/qconfig.c:371:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "do not route node %s\n", sarg)) == 1) {
data/qrouter-1.4.71/qconfig.c:376:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "route priority %s\n", sarg)) == 1) {
data/qrouter-1.4.71/qconfig.c:381:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "critical net %s\n", sarg)) == 1) {
data/qrouter-1.4.71/qconfig.c:411:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "obstruction %lf %lf %lf %lf %s\n",
data/qrouter-1.4.71/qconfig.c:437:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "gate %s %lf %lf\n", sarg, &darg, &darg2)) == 3) {
data/qrouter-1.4.71/qconfig.c:464:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "endgate %s\n", sarg)) == 1) {
data/qrouter-1.4.71/qconfig.c:473:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if ((i = sscanf(lineptr, "pin %s %lf %lf\n", sarg, &darg, &darg2)) == 3) {
data/qrouter-1.4.71/qrouter.c:446:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(DEFfilename, "%s.def", Filename);
data/qrouter-1.4.71/qrouter.h:485:20: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Fprintf fprintf
data/qrouter-1.4.71/qrouter.h:487:20: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Vprintf vfprintf
data/qrouter-1.4.71/tclqrouter.c:269:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (outstr + 19, (f == stderr) ? "err \"" : "out \"");
data/qrouter-1.4.71/tclqrouter.c:277:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
nchars = vsnprintf(outptr + 24, 102, fmt, args);
data/qrouter-1.4.71/tclqrouter.c:285:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(outptr + 24, nchars + 2, fmt, args);
data/qrouter-1.4.71/tclqrouter.c:373:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(substcmd, postcmd);
data/qrouter-1.4.71/tclqrouter.c:402:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd, substcmd);
data/qrouter-1.4.71/tclqrouter.c:405:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd + (int)(sptr - substcmd), sptr + 2);
data/qrouter-1.4.71/tclqrouter.c:408:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd + (int)(sptr - substcmd), tkpath);
data/qrouter-1.4.71/tclqrouter.c:409:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcmd, sptr + 2);
data/qrouter-1.4.71/tclqrouter.c:422:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd, substcmd);
data/qrouter-1.4.71/tclqrouter.c:423:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newcmd + (int)(sptr - substcmd), "\"%s\"", sres);
data/qrouter-1.4.71/tclqrouter.c:424:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcmd, sptr + 2);
data/qrouter-1.4.71/tclqrouter.c:436:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd, substcmd);
data/qrouter-1.4.71/tclqrouter.c:437:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd + (int)(sptr - substcmd),
data/qrouter-1.4.71/tclqrouter.c:439:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcmd, sptr + 2);
data/qrouter-1.4.71/tclqrouter.c:447:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd, substcmd);
data/qrouter-1.4.71/tclqrouter.c:448:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd + (int)(sptr - substcmd), sptr + 2);
data/qrouter-1.4.71/tclqrouter.c:461:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd, substcmd);
data/qrouter-1.4.71/tclqrouter.c:464:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcmd, Tcl_GetString(objv[i]));
data/qrouter-1.4.71/tclqrouter.c:469:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newcmd, sptr + 2);
data/qrouter-1.4.71/tclqrouter.c:477:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd, substcmd);
data/qrouter-1.4.71/tclqrouter.c:478:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newcmd + (int)(sptr - substcmd), sptr + 1);
data/qrouter-1.4.71/tclqrouter.c:583:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command + 9, "%s", qrouter_commands[cmdidx].cmdstr);
data/qrouter-1.4.71/tclqrouter.c:597:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(version_string, "%s", VERSION);
data/qrouter-1.4.71/antenna.c:1290:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen("antenna.out", "w");
data/qrouter-1.4.71/def.c:745:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instname[MAX_NAME_LEN], pinname[MAX_NAME_LEN];
data/qrouter-1.4.71/def.c:866:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pinname, "pin");
data/qrouter-1.4.71/def.c:1100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinname[MAX_NAME_LEN];
data/qrouter-1.4.71/def.c:1370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vianame[LEF_LINE_MAX];
data/qrouter-1.4.71/def.c:1617:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usename[512];
data/qrouter-1.4.71/def.c:1962:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/qrouter-1.4.71/def.c:2012:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/qrouter-1.4.71/delays.c:428:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
delayFile = fopen(delayfilename, "w");
data/qrouter-1.4.71/delays.c:430:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
delayFile = fopen(filename, "w");
data/qrouter-1.4.71/lef.c:206:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[LEF_LINE_MAX + 2]; /* input buffer */
data/qrouter-1.4.71/lef.c:359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *match_name[2];
data/qrouter-1.4.71/lef.c:2228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *token, tsave[128];
data/qrouter-1.4.71/lef.c:2263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newname[256];
data/qrouter-1.4.71/lef.c:2396:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tsave, "%.127s", token);
data/qrouter-1.4.71/lef.c:3252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *newViaXX[MAX_LAYERS];
data/qrouter-1.4.71/lef.c:3253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *newViaXY[MAX_LAYERS];
data/qrouter-1.4.71/lef.c:3254:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *newViaYX[MAX_LAYERS];
data/qrouter-1.4.71/lef.c:3255:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *newViaYY[MAX_LAYERS];
data/qrouter-1.4.71/lef.c:3489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/qrouter-1.4.71/lef.c:3491:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tsave[128];
data/qrouter-1.4.71/lef.c:3534:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/qrouter-1.4.71/lef.c:3585:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tsave, "%.127s", token);
data/qrouter-1.4.71/lef.c:3592:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tsave, "%.127s", token);
data/qrouter-1.4.71/lef.c:3635:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tsave, "%.127s", token);
data/qrouter-1.4.71/lef.c:3664:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tsave, "%.127s", token);
data/qrouter-1.4.71/lef.c:3694:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tsave, "%.127s", token);
data/qrouter-1.4.71/lef.c:3726:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(gateginfo->gatename, "pin");
data/qrouter-1.4.71/output.c:57:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ffail = fopen(filename, "w");
data/qrouter-1.4.71/output.c:301:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nodestr, "(error: no such node)");
data/qrouter-1.4.71/output.c:324:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen(filename, "w");
data/qrouter-1.4.71/output.c:360:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen( filename, "w" );
data/qrouter-1.4.71/output.c:395:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen( filename, "w" );
data/qrouter-1.4.71/output.c:540:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen(filename, "w");
data/qrouter-1.4.71/output.c:588:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
o = fopen(filename, "w");
data/qrouter-1.4.71/output.c:2808:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN + 1], *lptr = NULL;
data/qrouter-1.4.71/output.c:2809:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netname[MAX_NAME_LEN];
data/qrouter-1.4.71/output.c:2819:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdef = fopen(DEFfilename, "r");
data/qrouter-1.4.71/output.c:2824:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fdef = fopen(extfilename, "r");
data/qrouter-1.4.71/output.c:2844:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dotptr, "_route.def");
data/qrouter-1.4.71/output.c:2846:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newDEFfile, "_route.def");
data/qrouter-1.4.71/output.c:2848:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Cmd = fopen(newDEFfile, "w");
data/qrouter-1.4.71/output.c:2854:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Cmd = fopen(filename, "w");
data/qrouter-1.4.71/output.c:2858:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(newDEFfile, ".def");
data/qrouter-1.4.71/output.c:2859:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Cmd = fopen(newDEFfile, "w");
data/qrouter-1.4.71/qconfig.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CIFLayer[MAX_TYPES][50]; // CIF layer name
data/qrouter-1.4.71/qconfig.c:60:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ViaXX[MAX_LAYERS];
data/qrouter-1.4.71/qconfig.c:61:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ViaXY[MAX_LAYERS];
data/qrouter-1.4.71/qconfig.c:62:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ViaYX[MAX_LAYERS];
data/qrouter-1.4.71/qconfig.c:63:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ViaYY[MAX_LAYERS];
data/qrouter-1.4.71/qconfig.c:197:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sarg[MAX_LINE_LEN];
data/qrouter-1.4.71/qconfig.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE_LEN];
data/qrouter-1.4.71/qconfig.c:208:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "via%d%d", i + 1, i + 2);
data/qrouter-1.4.71/qconfig.h:18:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char CIFLayer[MAX_TYPES][50]; // CIF layer name
data/qrouter-1.4.71/qconfig.h:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *ViaXX[MAX_LAYERS]; // Top and bottom horizontal
data/qrouter-1.4.71/qconfig.h:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *ViaXY[MAX_LAYERS]; // Bottom horizontal, top vertical
data/qrouter-1.4.71/qconfig.h:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *ViaYX[MAX_LAYERS]; // Bottom vertial, top horizontal
data/qrouter-1.4.71/qconfig.h:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *ViaYY[MAX_LAYERS]; // Top and bottom vertical
data/qrouter-1.4.71/qrouter.c:306:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Verbose = atoi(optarg);
data/qrouter-1.4.71/qrouter.c:343:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minEffort = 100 * atoi(optarg);
data/qrouter-1.4.71/qrouter.c:346:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minEffort = atoi(optarg);
data/qrouter-1.4.71/qrouter.c:368:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infoFILEptr = fopen(infofile, "w" );
data/qrouter-1.4.71/qrouter.c:379:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
configFILEptr = fopen(configfile, "r");
data/qrouter-1.4.71/tclqrouter.c:236:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snew, s, slen);
data/qrouter-1.4.71/tclqrouter.c:252:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outstr[128] = "puts -nonewline std";
data/qrouter-1.4.71/tclqrouter.c:549:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256];
data/qrouter-1.4.71/tclqrouter.c:550:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_string[20];
data/qrouter-1.4.71/tclqrouter.c:562:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command, "qrouter::");
data/qrouter-1.4.71/tclqrouter.c:653:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *scriptf = fopen(scriptfile, "r");
data/qrouter-1.4.71/tclqrouter.c:1832:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
configFILE = fopen(configname, "r");
data/qrouter-1.4.71/tkSimple.c:258:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) simplePtr, Tcl_GetString(objv[2]), 0);
data/qrouter-1.4.71/tkSimple.c:267:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) simplePtr, Tcl_GetString(objv[2]), 0);
data/qrouter-1.4.71/def.c:1173:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(token, "%2047s", pinname) != 1)
data/qrouter-1.4.71/def.c:1409:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(token, "%2047s", vianame) != 1)
data/qrouter-1.4.71/def.c:1668:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(token, "%511s", usename) != 1)
data/qrouter-1.4.71/def.c:2092:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token) != 1) {
data/qrouter-1.4.71/graphics.c:709:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
waitcmd = (char *)malloc(strlen(qrouterdrawwin) + 20);
data/qrouter-1.4.71/lef.c:3597:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *vianame = (char *)malloc(strlen(token) + 3);
data/qrouter-1.4.71/lef.c:3812:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(vianame + strlen(vianame) - 1) = '1';
data/qrouter-1.4.71/lef.c:3866:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(vianame + strlen(vianame) - 1) = '2';
data/qrouter-1.4.71/lef.c:3902:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(vianame + strlen(vianame) - 1) = '3';
data/qrouter-1.4.71/output.c:287:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nodestr = (char *)malloc(strlen(g->gatename) + 5);
data/qrouter-1.4.71/output.c:291:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nodestr = (char *)malloc(strlen(g->gatename)
data/qrouter-1.4.71/output.c:292:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(g->node[i]) + 2);
data/qrouter-1.4.71/output.c:2822:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *extfilename = malloc(strlen(DEFfilename) + 5);
data/qrouter-1.4.71/output.c:2840:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newDEFfile = (char *)malloc(strlen(filename) + 11);
data/qrouter-1.4.71/output.c:2856:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newDEFfile = (char *)malloc(strlen(filename) + 11);
data/qrouter-1.4.71/qrouter.c:445:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEFfilename = (char *)malloc(strlen(Filename) + 5);
data/qrouter-1.4.71/tclqrouter.c:233:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = 1 + strlen(s);
data/qrouter-1.4.71/tclqrouter.c:283:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bigstr, outptr, 24);
data/qrouter-1.4.71/tclqrouter.c:299:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(finalstr, outptr, 24);
data/qrouter-1.4.71/tclqrouter.c:334:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(stdptr, (f == stderr) ? "err" : "out", 3);
data/qrouter-1.4.71/tclqrouter.c:372:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
substcmd = (char *)Tcl_Alloc(strlen(postcmd) + 1);
data/qrouter-1.4.71/tclqrouter.c:398:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd));
data/qrouter-1.4.71/tclqrouter.c:400:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + strlen(tkpath));
data/qrouter-1.4.71/tclqrouter.c:400:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + strlen(tkpath));
data/qrouter-1.4.71/tclqrouter.c:420:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd)
data/qrouter-1.4.71/tclqrouter.c:421:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(sres) + 1);
data/qrouter-1.4.71/tclqrouter.c:434:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd)
data/qrouter-1.4.71/tclqrouter.c:435:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(Tcl_GetString(objv[objidx])));
data/qrouter-1.4.71/tclqrouter.c:446:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + 1);
data/qrouter-1.4.71/tclqrouter.c:459:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen += (1 + strlen(Tcl_GetString(objv[i])));
data/qrouter-1.4.71/tclqrouter.c:460:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + llen);
data/qrouter-1.4.71/tclqrouter.c:462:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(newcmd + (int)(sptr - substcmd), "{");
data/qrouter-1.4.71/tclqrouter.c:466:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(newcmd, " ");
data/qrouter-1.4.71/tclqrouter.c:468:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(newcmd, "}");
data/qrouter-1.4.71/tclqrouter.c:476:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + 1);
data/qrouter-1.4.71/tclqrouter.c:529:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Tcl_GetString(objv[2])) == 0)
ANALYSIS SUMMARY:
Hits = 163
Lines analyzed = 27955 in approximately 0.72 seconds (38920 lines/second)
Physical Source Lines of Code (SLOC) = 19446
Hits@level = [0] 155 [1] 36 [2] 72 [3] 0 [4] 55 [5] 0
Hits@level+ = [0+] 318 [1+] 163 [2+] 127 [3+] 55 [4+] 55 [5+] 0
Hits/KSLOC@level+ = [0+] 16.353 [1+] 8.38219 [2+] 6.53091 [3+] 2.82835 [4+] 2.82835 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.