Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/raidutils-0.0.6/lib/dpt_buff.cpp Examining data/raidutils-0.0.6/lib/dptalign.c Examining data/raidutils-0.0.6/lib/findpath.c Examining data/raidutils-0.0.6/lib/funcs.c Examining data/raidutils-0.0.6/lib/hba_log.cpp Examining data/raidutils-0.0.6/lib/scsi_log.cpp Examining data/raidutils-0.0.6/lib/ctlr_map.cpp Examining data/raidutils-0.0.6/lib/engcalls.cpp Examining data/raidutils-0.0.6/lib/engmsg.c Examining data/raidutils-0.0.6/lib/lockunix.c Examining data/raidutils-0.0.6/include/dpt_api.h Examining data/raidutils-0.0.6/include/dpt_buff.h Examining data/raidutils-0.0.6/include/dpt_eata.h Examining data/raidutils-0.0.6/include/dpt_log.hpp Examining data/raidutils-0.0.6/include/dptalign.h Examining data/raidutils-0.0.6/include/dptsig.h Examining data/raidutils-0.0.6/include/drv_busy.hpp Examining data/raidutils-0.0.6/include/eng_osd.h Examining data/raidutils-0.0.6/include/eng_std.h Examining data/raidutils-0.0.6/include/eng_std.hpp Examining data/raidutils-0.0.6/include/engine.h Examining data/raidutils-0.0.6/include/engmsg.h Examining data/raidutils-0.0.6/include/findpath.h Examining data/raidutils-0.0.6/include/funcs.h Examining data/raidutils-0.0.6/include/hba_log.h Examining data/raidutils-0.0.6/include/hba_log.hpp Examining data/raidutils-0.0.6/include/lockunix.h Examining data/raidutils-0.0.6/include/mem.h Examining data/raidutils-0.0.6/include/osd_defs.h Examining data/raidutils-0.0.6/include/osd_unix.h Examining data/raidutils-0.0.6/include/osd_util.h Examining data/raidutils-0.0.6/include/sys_info.h Examining data/raidutils-0.0.6/include/linux/i2o-dev.h Examining data/raidutils-0.0.6/include/ctlr_map.hpp Examining data/raidutils-0.0.6/include/dpt_scsi.h Examining data/raidutils-0.0.6/include/get_info.h Examining data/raidutils-0.0.6/include/messages.h Examining data/raidutils-0.0.6/include/rtncodes.h Examining data/raidutils-0.0.6/raideng/addr_rng.cpp Examining data/raidutils-0.0.6/raideng/addr_rng.hpp Examining data/raidutils-0.0.6/raideng/allfiles.hpp Examining data/raidutils-0.0.6/raideng/array.cpp Examining data/raidutils-0.0.6/raideng/array.hpp Examining data/raidutils-0.0.6/raideng/bridge.hpp Examining data/raidutils-0.0.6/raideng/core.cpp Examining data/raidutils-0.0.6/raideng/core.hpp Examining data/raidutils-0.0.6/raideng/core_ccb.cpp Examining data/raidutils-0.0.6/raideng/core_con.cpp Examining data/raidutils-0.0.6/raideng/core_dev.cpp Examining data/raidutils-0.0.6/raideng/core_fwd.hpp Examining data/raidutils-0.0.6/raideng/core_mgr.cpp Examining data/raidutils-0.0.6/raideng/core_obj.cpp Examining data/raidutils-0.0.6/raideng/debug.cpp Examining data/raidutils-0.0.6/raideng/debug.h Examining data/raidutils-0.0.6/raideng/del1.cpp Examining data/raidutils-0.0.6/raideng/del2.cpp Examining data/raidutils-0.0.6/raideng/del_list.hpp Examining data/raidutils-0.0.6/raideng/dpt_fwd.hpp Examining data/raidutils-0.0.6/raideng/dpt_osd.h Examining data/raidutils-0.0.6/raideng/dptcbuff.c Examining data/raidutils-0.0.6/raideng/dptcbuff.h Examining data/raidutils-0.0.6/raideng/dptdebug.h Examining data/raidutils-0.0.6/raideng/driver.hpp Examining data/raidutils-0.0.6/raideng/drv_busy.cpp Examining data/raidutils-0.0.6/raideng/eata2i2o.c Examining data/raidutils-0.0.6/raideng/eata2i2o.h Examining data/raidutils-0.0.6/raideng/eng_ccb.hpp Examining data/raidutils-0.0.6/raideng/eng_sig.c Examining data/raidutils-0.0.6/raideng/eng_std.cpp Examining data/raidutils-0.0.6/raideng/engfile1.cpp Examining data/raidutils-0.0.6/raideng/engfile2.cpp Examining data/raidutils-0.0.6/raideng/engfile3.cpp Examining data/raidutils-0.0.6/raideng/engine.cpp Examining data/raidutils-0.0.6/raideng/englists.cpp Examining data/raidutils-0.0.6/raideng/englists.hpp Examining data/raidutils-0.0.6/raideng/gbl_fns.hpp Examining data/raidutils-0.0.6/raideng/hba.hpp Examining data/raidutils-0.0.6/raideng/i2odpt.h Examining data/raidutils-0.0.6/raideng/i2omodul.h Examining data/raidutils-0.0.6/raideng/kill.cpp Examining data/raidutils-0.0.6/raideng/manager.cpp Examining data/raidutils-0.0.6/raideng/manager.hpp Examining data/raidutils-0.0.6/raideng/msg_str.cpp Examining data/raidutils-0.0.6/raideng/msg_str.hpp Examining data/raidutils-0.0.6/raideng/ptrarray.cpp Examining data/raidutils-0.0.6/raideng/ptrarray.hpp Examining data/raidutils-0.0.6/raideng/raid.cpp Examining data/raidutils-0.0.6/raideng/raid_bcd.cpp Examining data/raidutils-0.0.6/raideng/raid_fwd.hpp Examining data/raidutils-0.0.6/raideng/raid_hba.cpp Examining data/raidutils-0.0.6/raideng/raid_mgr.cpp Examining data/raidutils-0.0.6/raideng/raiddrvr.cpp Examining data/raidutils-0.0.6/raideng/scsi_bcd.cpp Examining data/raidutils-0.0.6/raideng/scsi_ccb.cpp Examining data/raidutils-0.0.6/raideng/scsi_con.cpp Examining data/raidutils-0.0.6/raideng/scsi_fwd.hpp Examining data/raidutils-0.0.6/raideng/scsi_hba.cpp Examining data/raidutils-0.0.6/raideng/scsi_mgr.cpp Examining data/raidutils-0.0.6/raideng/scsi_obj.cpp Examining data/raidutils-0.0.6/raideng/scsidrvr.cpp Examining data/raidutils-0.0.6/raideng/sharmem.c Examining data/raidutils-0.0.6/raideng/stamp.hpp Examining data/raidutils-0.0.6/raideng/stat_log.cpp Examining data/raidutils-0.0.6/raideng/stat_log.hpp Examining data/raidutils-0.0.6/raideng/stats.h Examining data/raidutils-0.0.6/raideng/swap_em.c Examining data/raidutils-0.0.6/raideng/threads.cpp Examining data/raidutils-0.0.6/raideng/connect.cpp Examining data/raidutils-0.0.6/raideng/connect.hpp Examining data/raidutils-0.0.6/raideng/device.cpp Examining data/raidutils-0.0.6/raideng/device.hpp Examining data/raidutils-0.0.6/raideng/driver.cpp Examining data/raidutils-0.0.6/raideng/eng_unix.cpp Examining data/raidutils-0.0.6/raideng/gbl_fns.cpp Examining data/raidutils-0.0.6/raideng/hba.cpp Examining data/raidutils-0.0.6/raideng/i2oadptr.h Examining data/raidutils-0.0.6/raideng/i2obscsi.h Examining data/raidutils-0.0.6/raideng/i2odep.h Examining data/raidutils-0.0.6/raideng/i2oexec.h Examining data/raidutils-0.0.6/raideng/i2omsg.h Examining data/raidutils-0.0.6/raideng/i2omstor.h Examining data/raidutils-0.0.6/raideng/i2otypes.h Examining data/raidutils-0.0.6/raideng/i2outil.h Examining data/raidutils-0.0.6/raideng/object.cpp Examining data/raidutils-0.0.6/raideng/object.hpp Examining data/raidutils-0.0.6/raideng/osd_unix.cpp Examining data/raidutils-0.0.6/raideng/raid.h Examining data/raidutils-0.0.6/raideng/raid_dev.cpp Examining data/raidutils-0.0.6/raideng/scsi_dev.cpp Examining data/raidutils-0.0.6/raideng/semaphor.c Examining data/raidutils-0.0.6/raideng/unreslvd.cpp Examining data/raidutils-0.0.6/raidutil/bufio.h Examining data/raidutils-0.0.6/raidutil/bufiolsb.c Examining data/raidutils-0.0.6/raidutil/dpt_api.c Examining data/raidutils-0.0.6/raidutil/dpt_info.h Examining data/raidutils-0.0.6/raidutil/dpt_msg.h Examining data/raidutils-0.0.6/raidutil/dpt_rtn.h Examining data/raidutils-0.0.6/raidutil/drv_busy.cpp Examining data/raidutils-0.0.6/raidutil/engiface.cpp Examining data/raidutils-0.0.6/raidutil/engiface.hpp Examining data/raidutils-0.0.6/raidutil/id_list.cpp Examining data/raidutils-0.0.6/raidutil/id_list.hpp Examining data/raidutils-0.0.6/raidutil/log_core.hpp Examining data/raidutils-0.0.6/raidutil/log_osd.h Examining data/raidutils-0.0.6/raidutil/lzssdon.cpp Examining data/raidutils-0.0.6/raidutil/module.c Examining data/raidutils-0.0.6/raidutil/segment.cpp Examining data/raidutils-0.0.6/raidutil/status.cpp Examining data/raidutils-0.0.6/raidutil/status.hpp Examining data/raidutils-0.0.6/raidutil/swap_em.c Examining data/raidutils-0.0.6/raidutil/trapdef.h Examining data/raidutils-0.0.6/raidutil/alarm.cpp Examining data/raidutils-0.0.6/raidutil/alarm.hpp Examining data/raidutils-0.0.6/raidutil/cmdlist.cpp Examining data/raidutils-0.0.6/raidutil/cmdlist.hpp Examining data/raidutils-0.0.6/raidutil/command.cpp Examining data/raidutils-0.0.6/raidutil/command.hpp Examining data/raidutils-0.0.6/raidutil/config.cpp Examining data/raidutils-0.0.6/raidutil/config.hpp Examining data/raidutils-0.0.6/raidutil/creatrad.cpp Examining data/raidutils-0.0.6/raidutil/creatrad.hpp Examining data/raidutils-0.0.6/raidutil/debug.hpp Examining data/raidutils-0.0.6/raidutil/deletrad.cpp Examining data/raidutils-0.0.6/raidutil/deletrad.hpp Examining data/raidutils-0.0.6/raidutil/dynsize.cpp Examining data/raidutils-0.0.6/raidutil/dynsize.h Examining data/raidutils-0.0.6/raidutil/eventlog.cpp Examining data/raidutils-0.0.6/raidutil/eventlog.hpp Examining data/raidutils-0.0.6/raidutil/expand.cpp Examining data/raidutils-0.0.6/raidutil/expand.hpp Examining data/raidutils-0.0.6/raidutil/flash.cpp Examining data/raidutils-0.0.6/raidutil/flash.hpp Examining data/raidutils-0.0.6/raidutil/flashmem.cpp Examining data/raidutils-0.0.6/raidutil/flashmem.h Examining data/raidutils-0.0.6/raidutil/forcest.cpp Examining data/raidutils-0.0.6/raidutil/forcest.hpp Examining data/raidutils-0.0.6/raidutil/intlist.cpp Examining data/raidutils-0.0.6/raidutil/intlist.hpp Examining data/raidutils-0.0.6/raidutil/listdev.cpp Examining data/raidutils-0.0.6/raidutil/listdev.hpp Examining data/raidutils-0.0.6/raidutil/lzstrbuf.cpp Examining data/raidutils-0.0.6/raidutil/lzstrbuf.h Examining data/raidutils-0.0.6/raidutil/modnvram.cpp Examining data/raidutils-0.0.6/raidutil/modnvram.hpp Examining data/raidutils-0.0.6/raidutil/namarray.cpp Examining data/raidutils-0.0.6/raidutil/namarray.hpp Examining data/raidutils-0.0.6/raidutil/nvrambit.cpp Examining data/raidutils-0.0.6/raidutil/nvrambit.hpp Examining data/raidutils-0.0.6/raidutil/pagemod.hpp Examining data/raidutils-0.0.6/raidutil/parsargv.cpp Examining data/raidutils-0.0.6/raidutil/parsargv.hpp Examining data/raidutils-0.0.6/raidutil/parser.cpp Examining data/raidutils-0.0.6/raidutil/parser.hpp Examining data/raidutils-0.0.6/raidutil/parserr.cpp Examining data/raidutils-0.0.6/raidutil/parserr.hpp Examining data/raidutils-0.0.6/raidutil/quietmod.hpp Examining data/raidutils-0.0.6/raidutil/raidutil.cpp Examining data/raidutils-0.0.6/raidutil/rawdata.cpp Examining data/raidutils-0.0.6/raidutil/rawdata.hpp Examining data/raidutils-0.0.6/raidutil/rdutlosd.cpp Examining data/raidutils-0.0.6/raidutil/rdutlosd.h Examining data/raidutils-0.0.6/raidutil/rmwflash.cpp Examining data/raidutils-0.0.6/raidutil/rmwflash.hpp Examining data/raidutils-0.0.6/raidutil/rscenum.h Examining data/raidutils-0.0.6/raidutil/rscstrs.h Examining data/raidutils-0.0.6/raidutil/rstnvram.cpp Examining data/raidutils-0.0.6/raidutil/rstnvram.hpp Examining data/raidutils-0.0.6/raidutil/rustring.h Examining data/raidutils-0.0.6/raidutil/scsiaddr.hpp Examining data/raidutils-0.0.6/raidutil/scsilist.cpp Examining data/raidutils-0.0.6/raidutil/scsilist.hpp Examining data/raidutils-0.0.6/raidutil/segment.hpp Examining data/raidutils-0.0.6/raidutil/setcache.cpp Examining data/raidutils-0.0.6/raidutil/setcache.hpp Examining data/raidutils-0.0.6/raidutil/setrate.cpp Examining data/raidutils-0.0.6/raidutil/setrate.hpp Examining data/raidutils-0.0.6/raidutil/setscfg.cpp Examining data/raidutils-0.0.6/raidutil/setscfg.hpp Examining data/raidutils-0.0.6/raidutil/setspeed.cpp Examining data/raidutils-0.0.6/raidutil/setspeed.hpp Examining data/raidutils-0.0.6/raidutil/showinq.cpp Examining data/raidutils-0.0.6/raidutil/showinq.hpp Examining data/raidutils-0.0.6/raidutil/strlist.cpp Examining data/raidutils-0.0.6/raidutil/strlist.hpp Examining data/raidutils-0.0.6/raidutil/taskctrl.cpp Examining data/raidutils-0.0.6/raidutil/taskctrl.hpp Examining data/raidutils-0.0.6/raidutil/uartdmp.cpp Examining data/raidutils-0.0.6/raidutil/uartdmp.hpp Examining data/raidutils-0.0.6/raidutil/usage.cpp Examining data/raidutils-0.0.6/raidutil/usage.hpp Examining data/raidutils-0.0.6/raidutil/zap.cpp Examining data/raidutils-0.0.6/raidutil/zap.hpp FINAL RESULTS: data/raidutils-0.0.6/include/dpt_scsi.h:5956:92: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). void setServerName(uCHAR __FAR__ * in_P) { strcpy((char __FAR__ *) &filler[6], (char __FAR__ *) in_P); } data/raidutils-0.0.6/include/dpt_scsi.h:5963:91: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). void setServerVersion(uCHAR __FAR__ *in_P) { strcpy((char __FAR__ *) &filler[139], (char __FAR__ *) in_P); } data/raidutils-0.0.6/lib/ctlr_map.cpp:212:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf( Buffer, "%d %d %s %s %s\n", data/raidutils-0.0.6/lib/ctlr_map.cpp:226:25: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf( path, ls_major, other_path ); data/raidutils-0.0.6/lib/ctlr_map.cpp:279:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf( Buffer, "%d %d %s\n", data/raidutils-0.0.6/lib/ctlr_map.cpp:281:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( Buffer, "/devices/%s:controli2o", new_entry->device ); data/raidutils-0.0.6/lib/ctlr_map.cpp:284:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( Buffer, "/devices/%s:dpti2o", new_entry->device ); data/raidutils-0.0.6/lib/ctlr_map.cpp:396:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(Buffer, "%d %d %d %s %s\n", data/raidutils-0.0.6/lib/ctlr_map.cpp:849:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf( Buffer, "%d %s\n", &controller, name); data/raidutils-0.0.6/lib/ctlr_map.cpp:878:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf( Buffer, "%d %d %s\n", &controller, &bus, name); data/raidutils-0.0.6/lib/ctlr_map.cpp:965:17: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf( Buffer, data/raidutils-0.0.6/lib/ctlr_map.cpp:1119:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return (strcpy(newString, String)); data/raidutils-0.0.6/lib/ctlr_map.cpp:1176:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ctlrString, "%s/mscsi@%d,0", hbaString, bus); data/raidutils-0.0.6/lib/ctlr_map.cpp:1213:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(targString, "%st%dd%d", chanString, target, lun); data/raidutils-0.0.6/lib/ctlr_map.cpp:1229:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(targString, "%s/%s@%d,%d", ctlrString, data/raidutils-0.0.6/lib/ctlr_map.cpp:1337:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( buffer, "dpt%s%d", &"i"[controller > 99], controller % 100 ); data/raidutils-0.0.6/lib/ctlr_map.cpp:1379:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( buffer, "dpt%s%d", &"i"[controller > 99], controller % 100 ); data/raidutils-0.0.6/lib/ctlr_map.cpp:1439:25: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (cp, path, commands); data/raidutils-0.0.6/lib/ctlr_map.cpp:1441:31: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execle( "/bin/sh", "sh", "-c", cp, 0, env ); data/raidutils-0.0.6/lib/engcalls.cpp:571:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EngineLoadString,EnginePathName); data/raidutils-0.0.6/lib/engcalls.cpp:575:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EngineLoadString,EnginePathNameDefault); data/raidutils-0.0.6/lib/engcalls.cpp:586:13: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle(EngineLoadString,EngineLoadString, 0, environ); data/raidutils-0.0.6/lib/engcalls.cpp:596:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. i = system(EngineLoadString); data/raidutils-0.0.6/lib/engcalls.cpp:763:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(CommEngineLoadString, CommEnginePathName); data/raidutils-0.0.6/lib/engcalls.cpp:767:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(CommEngineLoadString, CommEnginePathNameDefault); data/raidutils-0.0.6/lib/engcalls.cpp:791:23: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(IniParams, iniFile); data/raidutils-0.0.6/lib/engcalls.cpp:792:23: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle(CommEngineLoadString,CommEngineLoadString, data/raidutils-0.0.6/lib/engcalls.cpp:796:28: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle(CommEngineLoadString,CommEngineLoadString, data/raidutils-0.0.6/lib/engcalls.cpp:808:19: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(IniParams, iniFile); data/raidutils-0.0.6/lib/engcalls.cpp:810:19: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(end_P,IniParams); data/raidutils-0.0.6/lib/engcalls.cpp:812:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. i = system(CommEngineLoadString); data/raidutils-0.0.6/lib/engcalls.cpp:1159:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EngineLoadString,PathName); data/raidutils-0.0.6/lib/findpath.c:149:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). return (strcat (left, right)); data/raidutils-0.0.6/lib/findpath.c:239:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return (access (file, mode)); data/raidutils-0.0.6/lib/findpath.c:448:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (buffer, command, ps, grep, getpid()); data/raidutils-0.0.6/lib/findpath.c:449:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((fp = popen (buffer, "r")) != (FILE *)NULL) { data/raidutils-0.0.6/lib/findpath.c:469:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). cp = strcpy (buffer, cp); data/raidutils-0.0.6/lib/lockunix.c:68:19: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). extern char * mktemp __P((char * origTemplate)); data/raidutils-0.0.6/lib/lockunix.c:84:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (templateBuffer, Template, Name); data/raidutils-0.0.6/lib/lockunix.c:85:17: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). if ((fd = open(mktemp (templateBuffer), O_WRONLY|O_CREAT|O_EXCL, 0644)) < 0) { data/raidutils-0.0.6/lib/lockunix.c:93:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (lock, Lock, Name); data/raidutils-0.0.6/lib/lockunix.c:135:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (lock, Lock, Name); data/raidutils-0.0.6/lib/lockunix.c:154:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (lock, Lock, Name); data/raidutils-0.0.6/lib/lockunix.c:179:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (lock, Lock, Name); data/raidutils-0.0.6/raideng/debug.h:183:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(method_, "BEGIN %d: %s",count ,meth); data/raidutils-0.0.6/raideng/driver.cpp:643:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(logBuff,"DPT %s has downgraded firmware(%c%c.%c%c). Please contact DPT technical support for a firmware upgrade. In USA Phone: (407) 830-5522", data/raidutils-0.0.6/raideng/drv_busy.cpp:77:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy (Next->Name, Path); data/raidutils-0.0.6/raideng/drv_busy.cpp:95:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (Buffer, ls, Link->Name); data/raidutils-0.0.6/raideng/drv_busy.cpp:113:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy (Next->Name, strtok (Buffer + 1, eol)); data/raidutils-0.0.6/raideng/drv_busy.cpp:219:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(strcat(strcpy(name, data/raidutils-0.0.6/raideng/drv_busy.cpp:219:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(strcat(strcpy(name, data/raidutils-0.0.6/raideng/drv_busy.cpp:219:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcat(strcat(strcpy(name, data/raidutils-0.0.6/raideng/eng_unix.cpp:775:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pram,argv[i]); data/raidutils-0.0.6/raideng/osd_unix.cpp:1572:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)system ( data/raidutils-0.0.6/raideng/osd_unix.cpp:1711:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (cp, path, commands); data/raidutils-0.0.6/raideng/osd_unix.cpp:1713:21: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle( "/bin/sh", "sh", "-c", cp, 0, env ); data/raidutils-0.0.6/raideng/osd_unix.cpp:1758:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. && (sprintf(command, CheckLabel, name), data/raidutils-0.0.6/raideng/osd_unix.cpp:1766:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. && (sprintf(command, Format, name), data/raidutils-0.0.6/raideng/osd_unix.cpp:3126:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Str,LoggerPath); data/raidutils-0.0.6/raideng/osd_unix.cpp:3146:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. i = system(Str); data/raidutils-0.0.6/raideng/osd_unix.cpp:3691:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *fp = popen ( data/raidutils-0.0.6/raideng/osd_unix.cpp:3708:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Nodes[NumNodes] = strcpy (allocated, (const char *)DataBuff); data/raidutils-0.0.6/raideng/osd_unix.cpp:3721:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (HbaDevs[NumEntries].NodeName, Nodes[NumNodes]); data/raidutils-0.0.6/raideng/osd_unix.cpp:3742:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (HbaDevs[NumEntries].NodeName, data/raidutils-0.0.6/raideng/osd_unix.cpp:3761:19: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *fp = popen ( data/raidutils-0.0.6/raideng/osd_unix.cpp:3781:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(HbaDevs[NumEntries].NodeName, DEV_CTL); data/raidutils-0.0.6/raideng/osd_unix.cpp:3812:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(HbaDevs[NumEntries].NodeName, DEV_CTL); data/raidutils-0.0.6/raideng/osd_unix.cpp:3841:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(HbaDevs[NumEntries].NodeName,LongToAscii((uLONG)i,Tmp,10)); data/raidutils-0.0.6/raideng/osd_unix.cpp:3854:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(HbaDevs[NumEntries].NodeName,LongToAscii((uLONG)i,Tmp,10)); data/raidutils-0.0.6/raideng/osd_unix.cpp:3919:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(HbaDevs[NumEntries].NodeName,LongToAscii((uLONG)i,Tmp,10)); data/raidutils-0.0.6/raideng/osd_unix.cpp:4034:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(HbaDevs[NumEntries].NodeName,Tmp); data/raidutils-0.0.6/raideng/osd_unix.cpp:4197:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(NodeName, DirName); data/raidutils-0.0.6/raideng/osd_unix.cpp:4198:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(NodeName, direntp->d_name); data/raidutils-0.0.6/raideng/osd_unix.cpp:4202:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(HbaDevs[NumEntries].NodeName, NodeName); data/raidutils-0.0.6/raideng/osd_unix.cpp:4293:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(param_list, "%s %s,n %s,n", CM_MODNAME, CM_INSTNUM, data/raidutils-0.0.6/raideng/osd_unix.cpp:4333:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(param_list, "%s", CM_MEMADDR); data/raidutils-0.0.6/raideng/osd_unix.cpp:4560:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(HbaDevs[NumEntries].NodeName,Tmp); data/raidutils-0.0.6/raideng/osd_unix.cpp:4771:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(FileName,NodeFilePtr->NodeName); data/raidutils-0.0.6/raideng/osd_unix.cpp:5246:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char *)sdi_device, sdi_num); data/raidutils-0.0.6/raideng/osd_unix.cpp:5567:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(String); data/raidutils-0.0.6/raideng/semaphor.c:173:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rtnVal->semName, name); data/raidutils-0.0.6/raideng/semaphor.c:331:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(LocalSemaphoreName, name); data/raidutils-0.0.6/raideng/semaphor.c:473:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp, name); data/raidutils-0.0.6/raideng/semaphor.c:921:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp, name); data/raidutils-0.0.6/raidutil/config.cpp:78:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy (fileName = new char [strlen (fName) + 5], data/raidutils-0.0.6/raidutil/creatrad.cpp:692:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( address_Buf, "%s: %s %d", data/raidutils-0.0.6/raidutil/creatrad.cpp:698:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( address_Buf, "%s: %s", data/raidutils-0.0.6/raidutil/creatrad.cpp:704:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( address_Buf, "%s: %s", data/raidutils-0.0.6/raidutil/drv_busy.cpp:76:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy (Next->Name, Path); data/raidutils-0.0.6/raidutil/drv_busy.cpp:94:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (Buffer, ls, Link->Name); data/raidutils-0.0.6/raidutil/drv_busy.cpp:112:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy (Next->Name, strtok (Buffer + 1, eol)); data/raidutils-0.0.6/raidutil/drv_busy.cpp:218:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(strcat(strcpy(name, data/raidutils-0.0.6/raidutil/drv_busy.cpp:218:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(strcat(strcpy(name, data/raidutils-0.0.6/raidutil/drv_busy.cpp:218:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcat(strcat(strcpy(name, data/raidutils-0.0.6/raidutil/eventlog.cpp:293:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(RdrStatusString,RdrStatusStrings[Count].StatusString); data/raidutils-0.0.6/raidutil/eventlog.cpp:1334:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(OldState, EventStrings[STR_WRITE_THRU]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1338:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(OldState, EventStrings[STR_WRITE_BACK]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1342:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(NewState, EventStrings[STR_WRITE_THRU]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1346:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(NewState, EventStrings[STR_WRITE_BACK]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1369:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(msg, EventStrings[STR_CAUSE_OF_BUS_RESET]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1373:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(msg, EventStrings[STR_HOST_CMD_BUS_RESET]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1377:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(msg, EventStrings[STR_WATCHDOG_BUS_RESET]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1524:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (msg, EventStrings[STR_STARTED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1526:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (msg, EventStrings[STR_STOPPED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1748:4: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, source, arguments); data/raidutils-0.0.6/raidutil/eventlog.cpp:1785:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_SUCCESS]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1788:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_REQ_ABORTED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1791:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_UNABLE_TO_ABORT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1794:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_COMPLETE_WITH_ERROR]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1797:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_ADAPTER_BUSY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1800:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_REQUEST_INVALID]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1803:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_PATH_INVALID]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1806:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_DEVICE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1808:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ErrorString, EventStrings[STR_NOT_PRESENT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1811:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_UNABLE_TO_TERMINATE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1814:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_SEL_TIMEOUT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1817:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_CMD_TIMEOUT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1820:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_MR_MSG_RECVD]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1823:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_BUS_RESET]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1826:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_PARITY_ERR_FAILURE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1829:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_AUTOSENSE_FAILED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1832:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_NO_ADAPTER]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1835:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_DATA_OVERRUN]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1838:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_UNX_FREE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1841:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_SEQ_FAILURE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1844:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_REQ_LEN_ERROR]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1847:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_PROVIDE_FAILURE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1850:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_BDR_MSG_SENT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1853:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_REQ_TERM]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1856:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_IDE_MSG_SENT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1859:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_RESOURCE_UNAVAIL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1862:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_UNACKED_EVENT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1865:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_MSG_RECVD]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1868:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_INVALID_CDB]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1871:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_LUN_INVALID]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1874:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_SCSI_TID_INVALID]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1877:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_FUNC_UNAVAIL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1880:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_NO_NEXUS]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1883:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_SCSI_IID_INVALID]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1886:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_CDB_RECVD]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1889:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_LUN_ALREADY_AVAIL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1892:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_BUS]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1893:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_BUSY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1896:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ErrorString, EventStrings[STR_QUEUE_FROZEN]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1899:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ErrorString,"%s : %x", EventStrings[STR_UNKNOWN_ERR_CODE], ErrorCode & 0x0f); data/raidutils-0.0.6/raidutil/eventlog.cpp:1981:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_NO_BATTERY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1984:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_TRICKLE_CHRGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1987:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_CHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1990:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_DISCHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1993:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BAD_BATTERY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1996:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_PRED_FAILURE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:1999:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_STARTING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2002:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_OPERATIONAL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2005:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_MAINT_CALIB]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2007:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_CHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2010:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_MAINT_CALIB]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2012:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_DISCHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2015:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_INIT_CALIB]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2017:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_CHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2020:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_INIT_CALIB]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2022:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_BBU_DISCHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2025:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_INIT_CALIB]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2027:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_RECHARGING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2030:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(EventString, EventStrings[STR_UNKNOWN]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2045:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_UNSPECIFIED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2048:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_DEVICE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2051:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_POWER_SUPPLY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2054:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_COOLING_ELEM]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2057:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_TEMP_SENSOR]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2060:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_DOOR_LOCK]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2063:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_AUD_ALARM]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2066:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_ENCL_SERV_CTLR_ELEC]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2069:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_SCC_CTLR_ELEC]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2072:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_NONVOLATILE_CACHE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2075:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_UNINTERRUPTABLE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2077:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_POWER_SUPPLY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2080:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_DISPLAY]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2083:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_KEY_PAD_ENTRY_DEV]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2086:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_SCSI_PORT_XCEIVER]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2089:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_LANGUAGE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2092:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_COMM_PORT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2095:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_VOLT_SENSOR]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2098:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_CURRENT_SENSOR]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2101:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_SCSI_TGT_PORT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2104:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_SCSI_INIT_PORT]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2107:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_SIMPLE_SUBENCL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2110:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TypeString,EventStrings[STR_UNKNOWN]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2116:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_UNSUPPORTED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2119:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_OK]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2122:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_CRITICAL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2125:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_NONCRITICAL]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2128:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_UNRECOVERABLE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2131:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_NOT_INSTALLED]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2134:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_UNKNOWN]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2137:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_UNAVAILABLE]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2140:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(StatusString,EventStrings[STR_UNKNOWN]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2186:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, EventStrings[STR_PARENT_ARRAY_BUILDING]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2191:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, EventStrings[PAPmainstatus[main]]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2195:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, EventStrings[PAPsubtable[main][sub]]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2200:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, EventStrings[LAPmainstatus[main]]); data/raidutils-0.0.6/raidutil/eventlog.cpp:2204:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, EventStrings[LAPsubtable[main][sub]]); data/raidutils-0.0.6/raidutil/flash.cpp:158:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy (source = new char [ strlen (sourceFile) + 1 ], (const char *) sourceFile); data/raidutils-0.0.6/raidutil/flash.cpp:270:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char *)InitialType, EventStrings[STR_NVRAM] ); data/raidutils-0.0.6/raidutil/flash.cpp:271:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char *)ScanType, (const char *)InitialType ); data/raidutils-0.0.6/raidutil/flash.cpp:272:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (Buffer, EventStrings[STR_SCAN_TYPE_SIZE], ScanType, ScanSize); data/raidutils-0.0.6/raidutil/flash.cpp:285:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char *)InitialType, (const char *)ScanType ); data/raidutils-0.0.6/raidutil/flash.cpp:305:19: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (date, EventStrings[STR_FILLIN_DATE], data/raidutils-0.0.6/raidutil/flash.cpp:311:19: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (version, EventStrings[STR_FILLIN_VERSION], data/raidutils-0.0.6/raidutil/flash.cpp:318:16: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (Buffer, EventStrings[STR_SCAN_TYPE_SIZE_DATE_VERSION], data/raidutils-0.0.6/raidutil/flash.cpp:336:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ( (char *)ScanType, (const char *)InitialType ); data/raidutils-0.0.6/raidutil/flash.cpp:889:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy ((char *)ScanType, EventStrings[STR_FIRMWARE]); data/raidutils-0.0.6/raidutil/flash.cpp:913:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy ((char *)ScanType, EventStrings[STR_FIRMWARE]); data/raidutils-0.0.6/raidutil/flash.cpp:1486:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp_Buf, "%ld%s", cache_Size_in_Mb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/flash.cpp:1710:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp_Buf, data/raidutils-0.0.6/raidutil/flash.cpp:1800:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp_Buf, EventStrings[STR_VERIFYING_ERR_MSG], data/raidutils-0.0.6/raidutil/listdev.cpp:195:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp, EventStrings[STR_VERSION_DATE], data/raidutils-0.0.6/raidutil/listdev.cpp:211:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp, EventStrings[STR_VERSION_DATE], data/raidutils-0.0.6/raidutil/listdev.cpp:365:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(speedString, "%s", "?"); data/raidutils-0.0.6/raidutil/listdev.cpp:416:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_SATA1500]); data/raidutils-0.0.6/raidutil/listdev.cpp:419:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_SATA3000]); data/raidutils-0.0.6/raidutil/listdev.cpp:422:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_SATA6000]); data/raidutils-0.0.6/raidutil/listdev.cpp:428:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_SATA]); data/raidutils-0.0.6/raidutil/listdev.cpp:480:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ATA33]); data/raidutils-0.0.6/raidutil/listdev.cpp:483:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ATA45]); data/raidutils-0.0.6/raidutil/listdev.cpp:487:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ATA66]); data/raidutils-0.0.6/raidutil/listdev.cpp:491:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ATA100]); data/raidutils-0.0.6/raidutil/listdev.cpp:495:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ATA133]); data/raidutils-0.0.6/raidutil/listdev.cpp:502:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ATA]); data/raidutils-0.0.6/raidutil/listdev.cpp:543:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_FIBRE]); data/raidutils-0.0.6/raidutil/listdev.cpp:550:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_UNKNOWN]); data/raidutils-0.0.6/raidutil/listdev.cpp:553:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ASYNC]); data/raidutils-0.0.6/raidutil/listdev.cpp:556:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ULTRA]); data/raidutils-0.0.6/raidutil/listdev.cpp:559:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ULTRA2]); data/raidutils-0.0.6/raidutil/listdev.cpp:562:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ULTRA3]); data/raidutils-0.0.6/raidutil/listdev.cpp:565:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ULTRA160]); data/raidutils-0.0.6/raidutil/listdev.cpp:568:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (speedString, EventStrings[STR_ULTRA320]); data/raidutils-0.0.6/raidutil/listdev.cpp:571:8: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(speedString, EventStrings[STR_FILLIN_MHZ], slowerSpeed); data/raidutils-0.0.6/raidutil/listdev.cpp:593:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(speedString, EventStrings[STR_FILLIN_GHZ], speed / 1000); data/raidutils-0.0.6/raidutil/listdev.cpp:594:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( widthString, EventStrings[STR_FIBRE]); data/raidutils-0.0.6/raidutil/listdev.cpp:606:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (speedString, EventStrings[STR_FILLIN_MB_PER_SEC], (speed * 2)); data/raidutils-0.0.6/raidutil/listdev.cpp:612:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (speedString, EventStrings[STR_FILLIN_MB_PER_SEC], (speed / 10)); data/raidutils-0.0.6/raidutil/listdev.cpp:617:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (speedString, EventStrings[STR_FILLIN_MB_PER_SEC], speed); data/raidutils-0.0.6/raidutil/listdev.cpp:622:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(speedString, EventStrings[STR_ASYNC]); data/raidutils-0.0.6/raidutil/listdev.cpp:628:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( widthString, EventStrings[STR_WIDE]); data/raidutils-0.0.6/raidutil/listdev.cpp:632:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( widthString, EventStrings[STR_NARROW]); data/raidutils-0.0.6/raidutil/listdev.cpp:639:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(speedString, "%s", "?"); data/raidutils-0.0.6/raidutil/listdev.cpp:1378:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp_Buf, EventStrings[STR_FILLIN_MV], batteryInfo.voltage); data/raidutils-0.0.6/raidutil/listdev.cpp:1382:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp_Buf, EventStrings[STR_FILLIN_MA], batteryInfo.current); data/raidutils-0.0.6/raidutil/listdev.cpp:1386:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp_Buf, EventStrings[STR_FILLIN_MAH], batteryInfo.fullChargeCapacity); data/raidutils-0.0.6/raidutil/listdev.cpp:1390:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp_Buf, EventStrings[STR_FILLIN_MAH], batteryInfo.remainingCapacity); data/raidutils-0.0.6/raidutil/listdev.cpp:1395:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp_Buf, EventStrings[STR_FILLIN_HRS], nHours); data/raidutils-0.0.6/raidutil/listdev.cpp:1604:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hbaRevision,hba_Info->revision); data/raidutils-0.0.6/raidutil/listdev.cpp:1631:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp_Buf, "%ld%s", cache_Size_in_Mb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/listdev.cpp:1839:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%ld%s", capacity_in_Mb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/listdev.cpp:1869:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%ld%s", capacity_in_Mb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/listdev.cpp:1882:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp_Buf, "%*s%s", 1, "", String); data/raidutils-0.0.6/raidutil/listdev.cpp:1886:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%ld%s",capacity_in_Mb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/listdev.cpp:2020:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(version, "%d.%c%c%s", sig.dsVersion, sig.dsRevision, data/raidutils-0.0.6/raidutil/listdev.cpp:2064:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp_Buf, "%*s+%s", indent, "", String); data/raidutils-0.0.6/raidutil/listdev.cpp:2066:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp_Buf, "%*s%s", indent, "", String); data/raidutils-0.0.6/raidutil/listdev.cpp:2205:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%ld%s", capacity_in_Mb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/namarray.cpp:92:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(arrayName, inName); data/raidutils-0.0.6/raidutil/namarray.cpp:116:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inName, arrayName); data/raidutils-0.0.6/raidutil/parsargv.cpp:114:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( concatenated_Argv_Buf, argv[ argv_Index ] ); data/raidutils-0.0.6/raidutil/parsargv.cpp:117:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( concatenated_Argv_Buf, argv[ argv_Index ] ); data/raidutils-0.0.6/raidutil/parser.cpp:1861:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (Buffer, OEMSpecificName); data/raidutils-0.0.6/raidutil/parser.cpp:2060:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buffer, this_Commands_Text ); data/raidutils-0.0.6/raidutil/parser.cpp:2088:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buffer, this_Commands_Text ); data/raidutils-0.0.6/raidutil/parser.cpp:2134:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( word, str ); data/raidutils-0.0.6/raidutil/parser.cpp:2864:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buf1, str1 ); data/raidutils-0.0.6/raidutil/parser.cpp:2865:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buf2, str2 ); data/raidutils-0.0.6/raidutil/raidutil.cpp:294:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (EventStrings[STR_MUST_BE_ROOT]); data/raidutils-0.0.6/raidutil/raidutil.cpp:591:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buf, str ); data/raidutils-0.0.6/raidutil/rmwflash.cpp:218:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp_Buf, data/raidutils-0.0.6/raidutil/segment.cpp:466:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp_Buf, "%s",String); data/raidutils-0.0.6/raidutil/segment.cpp:472:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%ld%s", segSizeInMb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/segment.cpp:523:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%ld %s",availableSizeInMb, EventStrings[STR_MB]); data/raidutils-0.0.6/raidutil/setrate.cpp:251:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( temp_Buf, "%d.%ds (%s)", thisRate / 10, thisRate % 10, data/raidutils-0.0.6/raidutil/setspeed.cpp:290:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_10MHZ]); data/raidutils-0.0.6/raidutil/setspeed.cpp:293:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_8MHZ]); data/raidutils-0.0.6/raidutil/setspeed.cpp:296:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_5MHZ]); data/raidutils-0.0.6/raidutil/setspeed.cpp:299:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_ASYNC]); data/raidutils-0.0.6/raidutil/setspeed.cpp:302:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_20MHZ]); data/raidutils-0.0.6/raidutil/setspeed.cpp:305:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_40MHZ]); data/raidutils-0.0.6/raidutil/setspeed.cpp:308:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_80MHZ]); data/raidutils-0.0.6/raidutil/setspeed.cpp:311:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (temp_Buf, EventStrings[STR_UNKNOWN]); data/raidutils-0.0.6/raidutil/status.cpp:860:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (temp = new char [ 11 + strlen (class_Str) ], "%s %x:%x", data/raidutils-0.0.6/raidutil/status.cpp:865:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (temp = new char [ strlen (Str) + 6 ], "%s %d%%", data/raidutils-0.0.6/raidutil/status.cpp:882:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf (temp = new char [ strlen (Str) + 10 ], EventStrings[STR_STR_OVER_PENDING], data/raidutils-0.0.6/raidutil/strlist.cpp:155:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( items[ num_Items - 1 ], str ); data/raidutils-0.0.6/raidutil/strlist.cpp:314:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( items[ str_Index ], right.items[ str_Index ] ); data/raidutils-0.0.6/raidutil/taskctrl.cpp:362:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, STR_STOP_BUILD_WARNING); data/raidutils-0.0.6/raidutil/trapdef.h:202:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy((char *) arrayName, (char *) s); flags |= FLG_ARRAY_NAME_VALID; }; data/raidutils-0.0.6/raidutil/trapdef.h:205:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy((char *) hexDump, (char *) s); flags |= FLG_HEXDUMP_VALID; }; data/raidutils-0.0.6/raidutil/uartdmp.cpp:111:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(hbaOutStr, EventStrings[STR_UART_HBA_NUM], hbaNum); data/raidutils-0.0.6/raidutil/uartdmp.cpp:118:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(hbaOutStr, EventStrings[STR_HBA_NUM_NOT_FOUND], hbaNum); data/raidutils-0.0.6/raidutil/uartdmp.cpp:130:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(hbaOutStr, EventStrings[STR_UART_HBA_NUM], hbaIndex); data/raidutils-0.0.6/raidutil/uartdmp.cpp:160:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tempStr, EventStrings[STR_ERR_UART_HBA_NUM], hbaNbr); data/raidutils-0.0.6/raidutil/uartdmp.cpp:166:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(hbaOutStr, "%s\n", (char *) err); data/raidutils-0.0.6/raidutil/uartdmp.cpp:172:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tempStr, EventStrings[STR_UART_WRITTEN_TO_FILE], hbaNbr); data/raidutils-0.0.6/raidutil/uartdmp.cpp:178:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tempStr, EventStrings[STR_NO_UART_DATA], hbaNbr); data/raidutils-0.0.6/raidutil/zap.cpp:330:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( Buffer, "%ld%s", LBA / 2/ 1024L, EventStrings[STR_MB]); data/raidutils-0.0.6/lib/findpath.c:497:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (((_localArgv[0] = getenv ("_")) != (char *)NULL) data/raidutils-0.0.6/lib/findpath.c:556:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. SearchPath = AddSearch(SearchPath, getenv("DPTPATH")); data/raidutils-0.0.6/lib/findpath.c:560:37: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. SearchPath = AddSearch(SearchPath, getenv("PATH")); data/raidutils-0.0.6/raideng/connect.cpp:330:1: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(curTime); data/raidutils-0.0.6/raidutil/module.c:36:31: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. if ((rtnVal = (unsigned int*)LoadLibrary(name)) == 0) data/raidutils-0.0.6/include/dpt_eata.h:57:34: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define osdBcopy(src,dest,size) memcpy(dest,src,size) data/raidutils-0.0.6/include/dpt_eata.h:232:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char eataRdConfig_S[eataRdConfig_size]; data/raidutils-0.0.6/include/dpt_eata.h:483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char signature[4]; // EATA signature = ascii "EATA" data/raidutils-0.0.6/include/dpt_eata.h:1197:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char eataLSU_S[eataLSU_size]; data/raidutils-0.0.6/include/dpt_eata.h:1211:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char eataLSUList_S[eataLSUList_size]; data/raidutils-0.0.6/include/dpt_eata.h:1224:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char eataPhysDesc_S[eataPhysDesc_size]; data/raidutils-0.0.6/include/dpt_eata.h:1255:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char eataLSUDesc_S[eataLSUDesc_size]; data/raidutils-0.0.6/include/dpt_eata.h:1291:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char eataLSUCompList_S[eataLSUCompList_size]; data/raidutils-0.0.6/include/dpt_scsi.h:238:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scInquiry_S[scInquiry_size]; data/raidutils-0.0.6/include/dpt_scsi.h:523:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scRdCapacity_S[scRdCapacity_size]; data/raidutils-0.0.6/include/dpt_scsi.h:717:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scReadWrite6_S[scReadWrite6_size]; data/raidutils-0.0.6/include/dpt_scsi.h:887:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scReadWrite_S[scReadWrite_size]; data/raidutils-0.0.6/include/dpt_scsi.h:1067:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scReadWrite12_S[scReadWrite12_size]; data/raidutils-0.0.6/include/dpt_scsi.h:1527:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scModeSense_S[scModeSense_size]; data/raidutils-0.0.6/include/dpt_scsi.h:1768:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scLogSense_S[scLogSense_size]; data/raidutils-0.0.6/include/dpt_scsi.h:1989:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scReadBuffer_S[scReadBuffer_size]; data/raidutils-0.0.6/include/dpt_scsi.h:2113:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char scWriteBuffer_S[scWriteBuffer_size]; data/raidutils-0.0.6/include/dpt_scsi.h:2249:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char sdRequestSense_S[sdRequestSense_size]; data/raidutils-0.0.6/include/dpt_scsi.h:2466:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char sdInquiry_S[sdInquiry_size]; data/raidutils-0.0.6/include/dpt_scsi.h:2689:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char sdRdCapacity_S[sdRdCapacity_size]; data/raidutils-0.0.6/include/dpt_scsi.h:4342:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/raidutils-0.0.6/include/dpt_scsi.h:6746:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deviceChemistry[16]; data/raidutils-0.0.6/include/dpt_scsi.h:6747:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manufacturerName[16]; data/raidutils-0.0.6/include/dpt_scsi.h:6748:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deviceName[16]; data/raidutils-0.0.6/include/dpt_scsi.h:6774:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char driveSizeTable_S[driveSizeTable_size]; data/raidutils-0.0.6/include/dptalign.h:81:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define osdLocal2(x) ((unsigned short)(((unsigned char __FAR__*)(x))[1]) \ data/raidutils-0.0.6/include/dptalign.h:82:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned short)(((unsigned char __FAR__*)(x))[0])) << 8)) data/raidutils-0.0.6/include/dptalign.h:86:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define osdSLocal2(x) ((unsigned short)(((unsigned char __FAR__ *)(x))[0])\ data/raidutils-0.0.6/include/dptalign.h:87:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned short)(((unsigned char __FAR__*)(x))[1])) << 8)) data/raidutils-0.0.6/include/dptalign.h:90:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define osdSLocal2(x) ((unsigned short)(((unsigned char __FAR__ *)(x))[0])\ data/raidutils-0.0.6/include/dptalign.h:91:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned short)(((unsigned char __FAR__*)(x))[1])) << 8)) data/raidutils-0.0.6/include/dptalign.h:95:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define osdLocal2(x) ((unsigned short)(((unsigned char __FAR__*)(x))[1]) \ data/raidutils-0.0.6/include/dptalign.h:96:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned short)(((unsigned char __FAR__*)(x))[0])) << 8)) data/raidutils-0.0.6/include/dptalign.h:109:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (x)+1)) + (((unsigned long)(((unsigned char __FAR__ *)(x))[0])) << 16)) data/raidutils-0.0.6/include/dptalign.h:115:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (x)+1)) + (((unsigned long)(((unsigned char __FAR__ *)(x))[0])) << 16)) data/raidutils-0.0.6/include/dptalign.h:128:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (x)+2)) + (((unsigned long)((unsigned char __FAR__ *)(x))[1]) << 16) \ data/raidutils-0.0.6/include/dptalign.h:129:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned long)((unsigned char __FAR__ *)(x))[0]) << 24)) data/raidutils-0.0.6/include/dptalign.h:134:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (x)+0)) + (((unsigned long)((unsigned char __FAR__ *)(x))[2]) << 16) \ data/raidutils-0.0.6/include/dptalign.h:135:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned long)((unsigned char __FAR__ *)(x))[3]) << 24)) data/raidutils-0.0.6/include/dptalign.h:139:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (x)+0)) + (((unsigned long)((unsigned char __FAR__ *)(x))[2]) << 16) \ data/raidutils-0.0.6/include/dptalign.h:140:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned long)((unsigned char __FAR__ *)(x))[3]) << 24)) data/raidutils-0.0.6/include/dptalign.h:145:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (x)+2)) + (((unsigned long)((unsigned char __FAR__ *)(x))[1]) << 16) \ data/raidutils-0.0.6/include/dptalign.h:146:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. + (((unsigned long)((unsigned char __FAR__ *)(x))[0]) << 24)) data/raidutils-0.0.6/include/dptsig.h:397:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsSignature[6]; /* ALWAYS "dPtSiG" */ data/raidutils-0.0.6/include/dptsig.h:417:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsDescription[dsDescription_size]; data/raidutils-0.0.6/include/dptsig.h:427:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsSignature[6] PACK; /* ALWAYS "dPtSiG" */ data/raidutils-0.0.6/include/dptsig.h:447:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsDescription[dsDescription_size] PACK; data/raidutils-0.0.6/include/drv_busy.hpp:51:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Name[1]; data/raidutils-0.0.6/include/eng_osd.h:183:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendorID[10]; // Ascii string data/raidutils-0.0.6/include/eng_osd.h:184:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char productID[18]; // Ascii string data/raidutils-0.0.6/include/eng_osd.h:185:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char revision[6]; // Ascii string data/raidutils-0.0.6/include/get_info.h:160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_A[16]; // A user assigned name for the array data/raidutils-0.0.6/include/get_info.h:507:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deviceChemistry[16]; // ASCII (ie. "NiMH") data/raidutils-0.0.6/include/get_info.h:508:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manufacturerName[16]; // ASCII data/raidutils-0.0.6/include/get_info.h:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deviceName[16]; // ASCII data/raidutils-0.0.6/include/hba_log.h:2045:38: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void setServerName(uCHAR *inChar) { memcpy(&this->filler[5],inChar, 129); } data/raidutils-0.0.6/include/linux/i2o-dev.h:107:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char evt_data[I2O_EVT_DATA_SIZE]; data/raidutils-0.0.6/include/linux/i2o-dev.h:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product_id[24]; data/raidutils-0.0.6/include/osd_unix.h:449:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idPAL[4]; /* 4 Bytes Of The ID Pal */ data/raidutils-0.0.6/include/osd_unix.h:499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idPAL[4]; /* 4 Bytes Of The ID Pal */ data/raidutils-0.0.6/lib/ctlr_map.cpp:126:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (hold, *array, sizeof(unsigned char) * *size ); data/raidutils-0.0.6/lib/ctlr_map.cpp:184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[512]; data/raidutils-0.0.6/lib/ctlr_map.cpp:826:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[512]; data/raidutils-0.0.6/lib/ctlr_map.cpp:847:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/raidutils-0.0.6/lib/ctlr_map.cpp:876:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/raidutils-0.0.6/lib/ctlr_map.cpp:963:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[2], controller[7]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1035:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char buffer[8]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1036:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( buffer, "%db%d", i >> BUS_SHIFT, i & (NBUS-1) ); data/raidutils-0.0.6/lib/ctlr_map.cpp:1102:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hbaString, "c%d", ctlr); data/raidutils-0.0.6/lib/ctlr_map.cpp:1107:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hbaString, "d%d", hba); data/raidutils-0.0.6/lib/ctlr_map.cpp:1157:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ctlrString, "c%d", ctlr); data/raidutils-0.0.6/lib/ctlr_map.cpp:1164:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ctlrString, "d%db%d", hba, bus); data/raidutils-0.0.6/lib/ctlr_map.cpp:1208:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(chanString, "d%db%d", hba, bus); data/raidutils-0.0.6/lib/ctlr_map.cpp:1251:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( chanString, "/dev/%c%c%u", data/raidutils-0.0.6/lib/ctlr_map.cpp:1267:33: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( chanString, "/dev/%c%c%u", data/raidutils-0.0.6/lib/ctlr_map.cpp:1335:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1340:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buffer, "asr%d", controller % 100 ); data/raidutils-0.0.6/lib/ctlr_map.cpp:1377:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1382:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( buffer, "asr%d", controller % 100 ); data/raidutils-0.0.6/lib/ctlr_map.cpp:1426:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * env[1] = { (char *)NULL }; data/raidutils-0.0.6/lib/ctlr_map.cpp:1540:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (( fd = open ( path, O_RDONLY ) ) >= 0 ) data/raidutils-0.0.6/lib/ctlr_map.cpp:1542:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/raidutils-0.0.6/lib/dpt_buff.cpp:87:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inData_P,data+readIndex,(uINT)numToCopy); data/raidutils-0.0.6/lib/dpt_buff.cpp:174:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data+writeIndex,inData_P,(uINT)numToCopy); data/raidutils-0.0.6/lib/engcalls.cpp:112:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char EngineLoadString[100] = {'Z','\0'}; data/raidutils-0.0.6/lib/engcalls.cpp:113:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char CommEngineLoadString[100] = {'Z','\0'}; data/raidutils-0.0.6/lib/engcalls.cpp:312:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ToEngPtr,toEng_P,sizeof(dptBuffer_S) + data/raidutils-0.0.6/lib/engcalls.cpp:314:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(FromEngPtr,fromEng_P,sizeof(dptBuffer_S)); data/raidutils-0.0.6/lib/engcalls.cpp:402:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fromEng_P,FromEngPtr,sizeof(dptBuffer_S) + data/raidutils-0.0.6/lib/engcalls.cpp:732:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char IniParams[50]; data/raidutils-0.0.6/lib/engcalls.cpp:790:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(IniParams, " INI="); data/raidutils-0.0.6/lib/engcalls.cpp:807:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(IniParams, " -INI="); data/raidutils-0.0.6/lib/engcalls.cpp:809:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(IniParams, " &"); data/raidutils-0.0.6/lib/engcalls.cpp:1160:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(EngineLoadString," &"); data/raidutils-0.0.6/lib/findpath.c:172:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ((char *)memcpy (retVal, left, size - 1))[size - 1] = '\0'; data/raidutils-0.0.6/lib/findpath.c:205:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. ((char *)memcpy (retVal, cp, size - 1))[size - 1] = '\0'; data/raidutils-0.0.6/lib/findpath.c:277:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy (hold, q, (unsigned)(r - q)); data/raidutils-0.0.6/lib/findpath.c:396:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * _localArgv[2]; data/raidutils-0.0.6/lib/findpath.c:514:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * execute = DirName ((CONST char *)localArgv[0]); data/raidutils-0.0.6/lib/funcs.c:359:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Str[80]; data/raidutils-0.0.6/lib/lockunix.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10]; data/raidutils-0.0.6/lib/lockunix.c:85:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(mktemp (templateBuffer), O_WRONLY|O_CREAT|O_EXCL, 0644)) < 0) { data/raidutils-0.0.6/lib/lockunix.c:90:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buffer, "%d\n", (int)getpid()); data/raidutils-0.0.6/lib/lockunix.c:101:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(lock, O_RDONLY)) >= 0) { data/raidutils-0.0.6/lib/lockunix.c:104:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((fd = atoi (buffer)) == 0) { /* Empty file is a lock */ data/raidutils-0.0.6/lib/lockunix.c:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10]; data/raidutils-0.0.6/lib/lockunix.c:155:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(lock, O_WRONLY|O_CREAT|O_TRUNC, 0644)) >= 0) { data/raidutils-0.0.6/lib/lockunix.c:156:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buffer, "%d\n", pid); data/raidutils-0.0.6/lib/lockunix.c:173:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10]; data/raidutils-0.0.6/lib/lockunix.c:180:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(lock, O_RDONLY); data/raidutils-0.0.6/lib/lockunix.c:187:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((fd = atoi (buffer)) == 0) { /* Empty file is a lock */ data/raidutils-0.0.6/raideng/array.cpp:126:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBuff_P,buff_P,objCount*objSize); data/raidutils-0.0.6/raideng/array.cpp:217:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_P+(offset*objSize),newObj_P,objSize); data/raidutils-0.0.6/raideng/array.cpp:326:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(obj_P,buff_P+offset*objSize,objSize); data/raidutils-0.0.6/raideng/array.cpp:396:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_P+totalObjs*objSize,buff_P+offset1*objSize,objSize); data/raidutils-0.0.6/raideng/array.cpp:398:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_P+offset1*objSize,buff_P+offset2*objSize,objSize); data/raidutils-0.0.6/raideng/array.cpp:400:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_P+offset2*objSize,buff_P+totalObjs*objSize,objSize); data/raidutils-0.0.6/raideng/array.cpp:438:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_P+totalObjs*objSize,buff_P+objOffset*objSize,objSize); data/raidutils-0.0.6/raideng/debug.h:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char method_[128]; data/raidutils-0.0.6/raideng/debug.h:200:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(method_, "END ", 5); data/raidutils-0.0.6/raideng/device.cpp:1932:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, ccb_P->modeParam_P->getData(), 512); data/raidutils-0.0.6/raideng/device.cpp:3109:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ch_P, &inSegment, 36); data/raidutils-0.0.6/raideng/device.cpp:3501:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccb_P->modeParam_P->getData(),dptName,DPT_NAME_SIZE); data/raidutils-0.0.6/raideng/device.cpp:3553:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dptName,ccb_P->modeParam_P->getData(),DPT_NAME_SIZE); data/raidutils-0.0.6/raideng/device.cpp:4920:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page, ccb_P->modeParam_P->getData(), page.size()); data/raidutils-0.0.6/raideng/device.cpp:4932:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page_P, &page, page.size()); data/raidutils-0.0.6/raideng/device.cpp:4938:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page_P, &devRights, devRights.size()); data/raidutils-0.0.6/raideng/dpt_osd.h:90:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define osdBcopy(x,y,z) memcpy(y,x,z) data/raidutils-0.0.6/raideng/dptcbuff.c:92:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_P,&bp->data[bp->readIndex],(uINT)numToCopy); data/raidutils-0.0.6/raideng/dptcbuff.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bp->data[bp->writeIndex],src_P,(uINT)numToCopy); data/raidutils-0.0.6/raideng/dptcbuff.c:154:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bp->data[bp->writeIndex],&src,(uINT)numToCopy); data/raidutils-0.0.6/raideng/dptcbuff.c:175:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bp->data[bp->writeIndex],&src,(uINT)numToCopy); data/raidutils-0.0.6/raideng/dptcbuff.c:196:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bp->data[bp->writeIndex],&src,(uINT)numToCopy); data/raidutils-0.0.6/raideng/dptdebug.h:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char Buffer[2]; data/raidutils-0.0.6/raideng/dptdebug.h:154:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char buffer[12]; data/raidutils-0.0.6/raideng/dptdebug.h:274:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1]; data/raidutils-0.0.6/raideng/driver.cpp:642:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logBuff[256]; data/raidutils-0.0.6/raideng/drv_busy.cpp:121:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Link->Major = atoi(Path); data/raidutils-0.0.6/raideng/drv_busy.cpp:123:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Link->Minor = atoi(Path); data/raidutils-0.0.6/raideng/drv_busy.cpp:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char * Targets[2]; data/raidutils-0.0.6/raideng/drv_busy.cpp:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ** Dirs[sizeof(Targets)/sizeof(Targets[0])]; data/raidutils-0.0.6/raideng/drv_busy.cpp:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ** Suffixes[sizeof(Targets)/sizeof(Targets[0])]; data/raidutils-0.0.6/raideng/drv_busy.cpp:355:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hba = atoi(argv[1]); data/raidutils-0.0.6/raideng/drv_busy.cpp:358:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bus = atoi(argv[2]); data/raidutils-0.0.6/raideng/drv_busy.cpp:361:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). target = atoi(argv[3]); data/raidutils-0.0.6/raideng/drv_busy.cpp:364:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lun = atoi(argv[4]); data/raidutils-0.0.6/raideng/eata2i2o.c:249:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define defAlignLong(structure,name) unsigned char name[sizeof(structure)] data/raidutils-0.0.6/raideng/eata2i2o.c:257:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char name[sizeof(structure)+(sizeof(long)-1)] data/raidutils-0.0.6/raideng/eata2i2o.c:733:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[sizeof(I2O_HRT_ENTRY) * (MAX_HRT - 1)]; data/raidutils-0.0.6/raideng/eata2i2o.c:751:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char adapterID[MAX_HRT];/* Adapter's SCSI Target ID */ data/raidutils-0.0.6/raideng/eata2i2o.c:973:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[255]; data/raidutils-0.0.6/raideng/eata2i2o.c:1197:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)Device)[4] = (unsigned char)( data/raidutils-0.0.6/raideng/eata2i2o.c:1310:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fill[sizeof(I2O_SGE_SIMPLE_ELEMENT)*2 data/raidutils-0.0.6/raideng/eata2i2o.c:1498:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[48]; data/raidutils-0.0.6/raideng/eata2i2o.c:2030:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Target = ((char __FAR__ *)eata_P)[2]; data/raidutils-0.0.6/raideng/eata2i2o.c:2032:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Lun = ((char __FAR__ *)eata_P)[3]; data/raidutils-0.0.6/raideng/eata2i2o.c:2410:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fill[(4 * sizeof(I2O_SGE_SIMPLE_ELEMENT)) data/raidutils-0.0.6/raideng/eata2i2o.c:2587:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[48]; data/raidutils-0.0.6/raideng/eata2i2o.c:2792:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. STATIC unsigned char DPTI_SpoofedBoot[1] = { data/raidutils-0.0.6/raideng/eata2i2o.c:3140:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4]; data/raidutils-0.0.6/raideng/eata2i2o.c:3316:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[255]; /* Must be 108 <= Size <= 255 */ data/raidutils-0.0.6/raideng/eata2i2o.c:3346:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Found[8][128/8]; data/raidutils-0.0.6/raideng/eata2i2o.c:3399:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { unsigned char Bus, Id, Target = ((char __FAR__ *)eata_P)[2]; data/raidutils-0.0.6/raideng/eata2i2o.c:3440:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Target = ((char __FAR__ *)eata_P)[2]; data/raidutils-0.0.6/raideng/eata2i2o.c:3441:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char Lun = ((char __FAR__ *)eata_P)[3]; data/raidutils-0.0.6/raideng/eata2i2o.c:3467:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char __FAR__ *)eata_P)[3] = OriginalLun; data/raidutils-0.0.6/raideng/eata2i2o.c:3481:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fill[(sizeof(I2O_SGE_SIMPLE_ELEMENT)*2) data/raidutils-0.0.6/raideng/eata2i2o.c:3586:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char __FAR__ *)eata_P)[3] = OriginalLun; data/raidutils-0.0.6/raideng/eata2i2o.c:3656:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char modeSense[8+6]; data/raidutils-0.0.6/raideng/eata2i2o.c:3866:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char __FAR__ * flashBuffers[4]; data/raidutils-0.0.6/raideng/eata2i2o.c:4478:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fill[sizeof(I2O_SGE_SIMPLE_ELEMENT)*NUM_SG data/raidutils-0.0.6/raideng/eata2i2o.c:4482:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fill[sizeof(I2O_SGE_SIMPLE_ELEMENT)*2 data/raidutils-0.0.6/raideng/eng_unix.cpp:137:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char TimeString[80]; data/raidutils-0.0.6/raideng/eng_unix.cpp:758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pram[80]; data/raidutils-0.0.6/raideng/eng_unix.cpp:851:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). DebugToFile = atoi(argv[i]); data/raidutils-0.0.6/raideng/engine.cpp:548:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen("/tmp/scan.txt", "a+"); data/raidutils-0.0.6/raideng/engine.cpp:550:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen("sys:system\\scan.txt"); data/raidutils-0.0.6/raideng/engine.cpp:552:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen("c:\\scan.txt", "a+"); data/raidutils-0.0.6/raideng/engine.cpp:652:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pFile = fopen( "Last.pkt", "wb" ); data/raidutils-0.0.6/raideng/engine.cpp:763:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pFile = fopen( "Last.pkt", "ab+" ); data/raidutils-0.0.6/raideng/hba.cpp:739:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 1: memcpy(busSpeed,"3.3",4); break; data/raidutils-0.0.6/raideng/hba.cpp:740:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 2: memcpy(busSpeed,"4.0",4); break; data/raidutils-0.0.6/raideng/hba.cpp:741:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 3: memcpy(busSpeed,"4.4",4); break; data/raidutils-0.0.6/raideng/hba.cpp:742:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 4: memcpy(busSpeed,"5.0",4); break; data/raidutils-0.0.6/raideng/hba.cpp:743:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 5: memcpy(busSpeed,"5.7",4); break; data/raidutils-0.0.6/raideng/hba.cpp:744:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 6: memcpy(busSpeed,"6.7",4); break; data/raidutils-0.0.6/raideng/hba.cpp:745:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 7: memcpy(busSpeed,"8.0",4); break; data/raidutils-0.0.6/raideng/hba.cpp:746:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 8: memcpy(busSpeed," 10",4); break; data/raidutils-0.0.6/raideng/hba.cpp:747:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 0x10: memcpy(busSpeed," 33",4); break; data/raidutils-0.0.6/raideng/hba.cpp:748:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 0x11: memcpy(busSpeed," 66",4); break; data/raidutils-0.0.6/raideng/hba.cpp:749:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 0x12: memcpy(busSpeed,"132",4); break; data/raidutils-0.0.6/raideng/hba.cpp:750:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 0x13: memcpy(busSpeed,"264",4); break; data/raidutils-0.0.6/raideng/hba.cpp:2485:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccb_P->dataBuff_P, driveSizeTable_P, tableSize); data/raidutils-0.0.6/raideng/hba.cpp:2530:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(driveSizeTable_P, ds_P, 8+(ds_P->getNumEntries()<<2)); data/raidutils-0.0.6/raideng/hba.cpp:3180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(emulAddrs,emul_P->getChanID0_P(),8); data/raidutils-0.0.6/raideng/hba.cpp:4065:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&page, ccb_P->modeParam_P->getData(), page.size()); data/raidutils-0.0.6/raideng/hba.cpp:4118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccb_P->modeParam_P->getData(), &page, page.size()); data/raidutils-0.0.6/raideng/i2omodul.h:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char moduleVersion[4]; /* 4 ascii characters */ data/raidutils-0.0.6/raideng/i2omodul.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char moduleInfo[24]; /* ascii string name */ data/raidutils-0.0.6/raideng/manager.cpp:813:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dev_P->segment_P, segEl_P, dptLAP2segment_S::size() * 8); data/raidutils-0.0.6/raideng/manager.cpp:1757:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segEl_P, dev_P->segment_P, dptLAP2segment_S::size()*dev_P->maxSegments); data/raidutils-0.0.6/raideng/object.cpp:119:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.vendorID,inq_P->getVendorID(),8); data/raidutils-0.0.6/raideng/object.cpp:120:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.productID,inq_P->getProductID(),16); data/raidutils-0.0.6/raideng/object.cpp:121:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.revision,inq_P->getRevision(),4); data/raidutils-0.0.6/raideng/object.cpp:122:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.vendorExtra,inq_P->getVendorExtra(),20); data/raidutils-0.0.6/raideng/object.cpp:416:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( fromEng_P->data, ccb_P->defReqSense, DEFAULT_REQ_SENSE_SIZE ); data/raidutils-0.0.6/raideng/object.cpp:709:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccb_P->defData+8,toEng_P->data+2,dataLength); data/raidutils-0.0.6/raideng/object.cpp:715:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccb_P->defData+4,toEng_P->data+2,dataLength); data/raidutils-0.0.6/raideng/osd_unix.cpp:289:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NodeName[MAX_NAME]; data/raidutils-0.0.6/raideng/osd_unix.cpp:341:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char TimeString[80]; data/raidutils-0.0.6/raideng/osd_unix.cpp:403:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(DefaultHbaDev->NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:675:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sig_P->dsDescription, "UnixWare I2O OSM Driver"); data/raidutils-0.0.6/raideng/osd_unix.cpp:819:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Ptr,ccb_P,sizeof(eataCP_S)); data/raidutils-0.0.6/raideng/osd_unix.cpp:1168:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)IoctlStdMessageFrame_P, data/raidutils-0.0.6/raideng/osd_unix.cpp:1175:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)IoctlStdMessageFrame_P, data/raidutils-0.0.6/raideng/osd_unix.cpp:1192:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[HbaNum].NodeName, O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:1308:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)UserReply_P, (void *)IoctlReply_P, data/raidutils-0.0.6/raideng/osd_unix.cpp:1446:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char io_data[8]; data/raidutils-0.0.6/raideng/osd_unix.cpp:1490:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[HbaNum].NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:1527:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int FileID = open(HbaDevs[HbaNum].NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:1546:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int FileID = open(HbaDevs[HbaNum].NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:1633:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[HbaNum].NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:1698:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * env[1] = { (char *)NULL }; data/raidutils-0.0.6/raideng/osd_unix.cpp:1830:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[HbaNum].NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:1852:27: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy (Packet->io_data, Buffer, Size); data/raidutils-0.0.6/raideng/osd_unix.cpp:1855:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy (Buffer, Packet->io_data, Size); data/raidutils-0.0.6/raideng/osd_unix.cpp:2283:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr_P, DataBuff, sizeof(drvrHBAinfo_S)); data/raidutils-0.0.6/raideng/osd_unix.cpp:2897:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Str[180]; data/raidutils-0.0.6/raideng/osd_unix.cpp:3109:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Str,"dptelog"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3114:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Str,"/var/dpt/dptelog "); data/raidutils-0.0.6/raideng/osd_unix.cpp:3116:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Str,"/usr/lpp/dpt/dptelog "); data/raidutils-0.0.6/raideng/osd_unix.cpp:3118:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Str,"/opt/dpt/bin/dptelog "); data/raidutils-0.0.6/raideng/osd_unix.cpp:3120:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Str,"/opt/SUNWhwrdg/bin/dptelog "); data/raidutils-0.0.6/raideng/osd_unix.cpp:3122:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(Str,"/usr/dpt/dptelog "); data/raidutils-0.0.6/raideng/osd_unix.cpp:3145:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(Str," &"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3365:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(toLogger_P->data,((dptData_S *)data_P)->data, data/raidutils-0.0.6/raideng/osd_unix.cpp:3381:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)((dptCCB_S *)data_P)->eataCP.dataAddr, data/raidutils-0.0.6/raideng/osd_unix.cpp:3398:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fromLoggerBuffer_P->data,fromLogger_P->data, data/raidutils-0.0.6/raideng/osd_unix.cpp:3698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Nodes[MAX_HAS]; data/raidutils-0.0.6/raideng/osd_unix.cpp:3743:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const char *)HbaDevs[NumEntries-1].NodeName); data/raidutils-0.0.6/raideng/osd_unix.cpp:3754:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Tmp[80]; data/raidutils-0.0.6/raideng/osd_unix.cpp:3837:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/dpti"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3853:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/rdpti"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3913:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3915:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(HbaDevs[NumEntries].NodeName,"/rdptr"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3917:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(HbaDevs[NumEntries].NodeName,"/dptr"); data/raidutils-0.0.6/raideng/osd_unix.cpp:3989:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[100]; data/raidutils-0.0.6/raideng/osd_unix.cpp:3990:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Tmp[80]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4014:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/sra"); data/raidutils-0.0.6/raideng/osd_unix.cpp:4022:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/hba/dpti"); data/raidutils-0.0.6/raideng/osd_unix.cpp:4027:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/hba/dpt"); data/raidutils-0.0.6/raideng/osd_unix.cpp:4049:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[NumEntries].NodeName, O_RDWR); data/raidutils-0.0.6/raideng/osd_unix.cpp:4178:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char DirName[80],NodeName[80]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4184:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(DirName, "/dev/fru/"); data/raidutils-0.0.6/raideng/osd_unix.cpp:4199:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(NodeName, O_RDWR); data/raidutils-0.0.6/raideng/osd_unix.cpp:4273:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_list[PM_SIZE]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4274:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val_buf[VB_SIZE]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4315:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). instance = atoi(token); data/raidutils-0.0.6/raideng/osd_unix.cpp:4325:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parentKey = atoi(token); data/raidutils-0.0.6/raideng/osd_unix.cpp:4400:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[100]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4401:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Tmp[80]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4428:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/ptosm"); data/raidutils-0.0.6/raideng/osd_unix.cpp:4431:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[NumEntries].NodeName, O_RDWR); data/raidutils-0.0.6/raideng/osd_unix.cpp:4558:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(HbaDevs[NumEntries].NodeName,"/dev/hba/hba"); data/raidutils-0.0.6/raideng/osd_unix.cpp:4561:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[NumEntries].NodeName, O_RDWR); data/raidutils-0.0.6/raideng/osd_unix.cpp:4726:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(String,"%.2d.%.2d.%.2d %.2d:%.2d:%.2d ",ts->tm_mday, ts->tm_mon + 1, data/raidutils-0.0.6/raideng/osd_unix.cpp:4729:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(String,"%.2d/%.2d/%.2d-%.2d:%.2d:%.2d ",ts->tm_mon + 1, data/raidutils-0.0.6/raideng/osd_unix.cpp:4765:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char FileName[80]; data/raidutils-0.0.6/raideng/osd_unix.cpp:4776:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(FileName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:5014:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nameBuf[50]; data/raidutils-0.0.6/raideng/osd_unix.cpp:5023:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nameBuf, "sra%d", j); data/raidutils-0.0.6/raideng/osd_unix.cpp:5123:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[ctlrNum],O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:5219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sdi_device[50], sdi_num[3]; data/raidutils-0.0.6/raideng/osd_unix.cpp:5223:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(HbaDevs[ctlrNum].NodeName,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:5237:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char *)sdi_device, "/dev/ios0/rsdisk"); data/raidutils-0.0.6/raideng/osd_unix.cpp:5239:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char *)sdi_device, "/dev/ios1/rsdisk"); data/raidutils-0.0.6/raideng/osd_unix.cpp:5241:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sdi_num, "%3.3d", (scsi_addr_to_sdinum & 0xff) + data/raidutils-0.0.6/raideng/osd_unix.cpp:5247:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat((char *)sdi_device, "s7"); data/raidutils-0.0.6/raideng/osd_unix.cpp:5326:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FileID = open(device,O_RDONLY); data/raidutils-0.0.6/raideng/osd_unix.cpp:5366:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt->EataCP.CPcdb, ccb_P->eataCP.scsiCDB, 12); data/raidutils-0.0.6/raideng/osd_unix.cpp:5383:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ccb_P->eataCP.scsiCDB, pkt->EataCP.CPcdb, 12); data/raidutils-0.0.6/raideng/osd_unix.cpp:5413:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt->EataCP.CPcdb, ccb_P->eataCP.scsiCDB, 12); data/raidutils-0.0.6/raideng/osd_unix.cpp:5572:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). DebugFileHandle = fopen(DebugFileName, "a+"); data/raidutils-0.0.6/raideng/ptrarray.cpp:107:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&void_P,getObjPtr()+curIndex*getObjSize(),getObjSize()); data/raidutils-0.0.6/raideng/raid_bcd.cpp:193:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(boardID,&ccb_P->defData[154],4); data/raidutils-0.0.6/raideng/raid_bcd.cpp:195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(boardDate,&ccb_P->defData[144],8); data/raidutils-0.0.6/raideng/raid_bcd.cpp:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fwVerDate,&ccb_P->defData[8],6); data/raidutils-0.0.6/raideng/raid_bcd.cpp:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(swVerDate,&ccb_P->defData[8],6); data/raidutils-0.0.6/raideng/scsi_ccb.cpp:101:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen("engine.err", "a+"); data/raidutils-0.0.6/raideng/scsi_obj.cpp:78:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.vendorID,"UNKNOWN",8); data/raidutils-0.0.6/raideng/scsi_obj.cpp:79:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.productID,"--UNKNOWN--",12); data/raidutils-0.0.6/raideng/scsi_obj.cpp:80:1: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(descr.revision,"NONE",5); data/raidutils-0.0.6/raideng/scsidrvr.cpp:484:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dsmFlags, &toEng_P->data[toEng_P->writeIndex-4], 2); data/raidutils-0.0.6/raideng/semaphor.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char semName[MAX_SEM_NAME_LEN]; data/raidutils-0.0.6/raideng/semaphor.c:118:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char LocalSemaphoreName[MAX_SEM_NAME_LEN] = ""; data/raidutils-0.0.6/raideng/semaphor.c:164:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rtnVal->handle = open(name, O_CREAT | O_RDWR, S_IRWXU | S_IRWXG); data/raidutils-0.0.6/raideng/semaphor.c:330:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(LocalSemaphoreName, "/tmp/"); data/raidutils-0.0.6/raideng/semaphor.c:332:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(LocalSemaphoreName,"_unnamed"); data/raidutils-0.0.6/raideng/semaphor.c:334:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = open(LocalSemaphoreName, O_CREAT | O_RDWR, 0); data/raidutils-0.0.6/raideng/semaphor.c:469:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_SEM_NAME_LEN]; data/raidutils-0.0.6/raideng/semaphor.c:472:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "/tmp/"); data/raidutils-0.0.6/raideng/semaphor.c:917:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_SEM_NAME_LEN]; data/raidutils-0.0.6/raideng/semaphor.c:920:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "/tmp/"); data/raidutils-0.0.6/raideng/swap_em.c:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[4], *dst; data/raidutils-0.0.6/raidutil/alarm.cpp:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/raidutils-0.0.6/raidutil/alarm.cpp:292:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/raidutils-0.0.6/raidutil/alarm.cpp:334:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buf[256]; data/raidutils-0.0.6/raidutil/alarm.cpp:348:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( temp_buf, "d%d", addr_P->hba ); data/raidutils-0.0.6/raidutil/alarm.cpp:377:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/raidutils-0.0.6/raidutil/bufio.h:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf[23]; data/raidutils-0.0.6/raidutil/cmdlist.cpp:93:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Items, items, num_Items * sizeof( Command * ) ); data/raidutils-0.0.6/raidutil/cmdlist.cpp:146:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Commands, items, num_Items * sizeof( Command *) ); data/raidutils-0.0.6/raidutil/command.cpp:2151:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[512]; data/raidutils-0.0.6/raidutil/command.cpp:2339:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(list[i]), &(idBuff_P->data[i*dptID_S_sz]), dptID_S_sz); data/raidutils-0.0.6/raidutil/command.cpp:2342:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(where, idBuff_P->data, numFound * sizeof(dptID_S)); data/raidutils-0.0.6/raidutil/config.cpp:136:31: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (!strchr(fileName, '.')) strcat(fileName, ".dsm"); data/raidutils-0.0.6/raidutil/config.cpp:139:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fileName, "rb"); data/raidutils-0.0.6/raidutil/config.cpp:141:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen (fileName, "wb"); data/raidutils-0.0.6/raidutil/config.cpp:191:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(writeHdr.signature, "DSM1"); data/raidutils-0.0.6/raidutil/config.hpp:85:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char signature[5]; data/raidutils-0.0.6/raidutil/config.hpp:86:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bullshit[3]; data/raidutils-0.0.6/raidutil/creatrad.cpp:684:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address_Buf[ 80 ]; data/raidutils-0.0.6/raidutil/debug.hpp:88:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char space_Buf[ 80 ]; data/raidutils-0.0.6/raidutil/deletrad.cpp:409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ids [MAX_CHANNELS][NUMBER_OF_IDS]; // array of IDs data/raidutils-0.0.6/raidutil/drv_busy.cpp:120:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Link->Major = atoi(Path); data/raidutils-0.0.6/raidutil/drv_busy.cpp:122:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Link->Minor = atoi(Path); data/raidutils-0.0.6/raidutil/drv_busy.cpp:175:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char * Targets[2]; data/raidutils-0.0.6/raidutil/drv_busy.cpp:176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ** Dirs[sizeof(Targets)/sizeof(Targets[0])]; data/raidutils-0.0.6/raidutil/drv_busy.cpp:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ** Suffixes[sizeof(Targets)/sizeof(Targets[0])]; data/raidutils-0.0.6/raidutil/drv_busy.cpp:354:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hba = atoi(argv[1]); data/raidutils-0.0.6/raidutil/drv_busy.cpp:357:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bus = atoi(argv[2]); data/raidutils-0.0.6/raidutil/drv_busy.cpp:360:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). target = atoi(argv[3]); data/raidutils-0.0.6/raidutil/drv_busy.cpp:363:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lun = atoi(argv[4]); data/raidutils-0.0.6/raidutil/engiface.cpp:104:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(toEng_P->data, inEngine.toEng_P->data, inEngine.toEng_P->allocSize); data/raidutils-0.0.6/raidutil/engiface.cpp:107:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fromEng_P->data, inEngine.fromEng_P->data, inEngine.fromEng_P->allocSize); data/raidutils-0.0.6/raidutil/eventlog.cpp:280:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(RdrStatusString,", "); data/raidutils-0.0.6/raidutil/eventlog.cpp:287:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(RdrStatusString,": "); data/raidutils-0.0.6/raidutil/eventlog.cpp:500:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/raidutils-0.0.6/raidutil/eventlog.cpp:613:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ErrorString[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1084:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TypeString[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1085:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char StatusString[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1156:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char StatusString[200]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1314:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OldState[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1315:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NewState[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1328:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OldState[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1329:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NewState[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1356:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:1515:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/raidutils-0.0.6/raidutil/eventlog.cpp:2006:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(EventString, ", "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2011:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(EventString, ", "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2016:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(EventString, ", "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2021:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(EventString, ", "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2026:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(EventString, ", "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2221:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempBuf_P, logbuf_P->data, logbuf_P->writeIndex); data/raidutils-0.0.6/raidutil/eventlog.cpp:2246:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempBuf_P + index, tempBuf_P + (index + 1), bufLen - index - 1); data/raidutils-0.0.6/raidutil/eventlog.cpp:2264:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(logbuf_P->data, tempBuf_P, origBufLen); data/raidutils-0.0.6/raidutil/eventlog.cpp:2269:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempBuf_P + index, tempBuf_P + (index + 1), bufLen - index - 1); data/raidutils-0.0.6/raidutil/flash.cpp:103:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char controllerModel[8]; data/raidutils-0.0.6/raidutil/flash.cpp:104:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileDescriptionModel[8]; data/raidutils-0.0.6/raidutil/flash.cpp:220:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firmwareStreamBuf[BYTES_PER_TRANSFER]; data/raidutils-0.0.6/raidutil/flash.cpp:226:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). firmwareStream.open(source, std::ios::in | std::ios::bin); data/raidutils-0.0.6/raidutil/flash.cpp:228:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). firmwareStream.open(source, std::ios::in); data/raidutils-0.0.6/raidutil/flash.cpp:230:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). firmwareStream.open(source, std::ios::in | std::ios::binary); data/raidutils-0.0.6/raidutil/flash.cpp:259:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char InitialType[16]; data/raidutils-0.0.6/raidutil/flash.cpp:267:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[128]; data/raidutils-0.0.6/raidutil/flash.cpp:270:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strcpy ( (char *)InitialType, EventStrings[STR_NVRAM] ); data/raidutils-0.0.6/raidutil/flash.cpp:297:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[128]; data/raidutils-0.0.6/raidutil/flash.cpp:298:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[11]; data/raidutils-0.0.6/raidutil/flash.cpp:299:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[sizeof(ScanVersion)+sizeof(ScanBuild)+1]; data/raidutils-0.0.6/raidutil/flash.cpp:364:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[7]; data/raidutils-0.0.6/raidutil/flash.cpp:527:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy ((char *)ScanType, "SMOR"); data/raidutils-0.0.6/raidutil/flash.cpp:534:19: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy ((char *)ScanType, "SMOR"); data/raidutils-0.0.6/raidutil/flash.cpp:784:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void)strcpy((char *)ScanType, "FCODE"); data/raidutils-0.0.6/raidutil/flash.cpp:838:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy ((char *)ScanType, "BIOS"); data/raidutils-0.0.6/raidutil/flash.cpp:889:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (void)strcpy ((char *)ScanType, EventStrings[STR_FIRMWARE]); data/raidutils-0.0.6/raidutil/flash.cpp:913:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (void)strcpy ((char *)ScanType, EventStrings[STR_FIRMWARE]); data/raidutils-0.0.6/raidutil/flash.cpp:1420:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ioBuf[BYTES_PER_TRANSFER]; data/raidutils-0.0.6/raidutil/flash.cpp:1462:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/flash.cpp:1470:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( temp_Buf, "d%d", addr_P->hba ); data/raidutils-0.0.6/raidutil/flash.cpp:1564:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/flash.cpp:1593:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (strcmp ((const char *)ScanType, EventStrings[STR_NVRAM]) == 0) data/raidutils-0.0.6/raidutil/flash.cpp:1598:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (strcmp ((const char *)ScanType, EventStrings[STR_FIRMWARE]) != 0) data/raidutils-0.0.6/raidutil/flash.cpp:1629:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileBuf[BYTES_PER_TRANSFER]; data/raidutils-0.0.6/raidutil/flash.cpp:1739:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flashMemoryBuf[BYTES_PER_TRANSFER]; data/raidutils-0.0.6/raidutil/flash.cpp:1741:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileBuf[sizeof(flashMemoryBuf)]; data/raidutils-0.0.6/raidutil/flash.hpp:165:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ScanBuild[5], ScanVersion[8], ScanType[9]; data/raidutils-0.0.6/raidutil/flash.hpp:166:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ScanDescriptionHba[7]; data/raidutils-0.0.6/raidutil/id_list.cpp:198:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&temp_Type, ¤t_P->type, sizeof(current_P->type)); data/raidutils-0.0.6/raidutil/id_list.cpp:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tag, ¤t_P->tag, sizeof(current_P->tag)); data/raidutils-0.0.6/raidutil/id_list.cpp:399:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current_P, &buf[i*dptID_S_sz], dptID_S_sz); data/raidutils-0.0.6/raidutil/id_list.cpp:402:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id_P, buf, numberIDs * sizeof(dptID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:437:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, id_P, numIDs * sizeof(dptID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:440:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id_P + numIDs++, src, sizeof(dptID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:446:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&id_P[numIDs++], src, sizeof(dptID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:801:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current_P, &buf[i*LoggerID_S_sz], LoggerID_S_sz); data/raidutils-0.0.6/raidutil/id_list.cpp:804:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id_P, buf, numberIDs * sizeof(LoggerID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:839:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, id_P, numIDs * sizeof(LoggerID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:842:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id_P + numIDs++, src, sizeof(LoggerID_S)); data/raidutils-0.0.6/raidutil/id_list.cpp:848:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&id_P[numIDs++], src, sizeof(LoggerID_S)); data/raidutils-0.0.6/raidutil/intlist.cpp:95:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Items, items, num_Items * sizeof( long ) ); data/raidutils-0.0.6/raidutil/intlist.cpp:150:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Ints, items, num_Items * sizeof( long ) ); data/raidutils-0.0.6/raidutil/listdev.cpp:124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp [100]; data/raidutils-0.0.6/raidutil/listdev.cpp:125:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2 [sizeof(dpt_sig_S)]; data/raidutils-0.0.6/raidutil/listdev.cpp:204:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&engSig, temp2, sizeof(dpt_sig_S)); data/raidutils-0.0.6/raidutil/listdev.cpp:278:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2]; data/raidutils-0.0.6/raidutil/listdev.cpp:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char speedString[16]; data/raidutils-0.0.6/raidutil/listdev.cpp:366:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char widthString[16]; data/raidutils-0.0.6/raidutil/listdev.cpp:738:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[BUF_LEN]; data/raidutils-0.0.6/raidutil/listdev.cpp:1304:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[BUF_LEN]; data/raidutils-0.0.6/raidutil/listdev.cpp:1310:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (temp_Buf, "d%d", addr_P->hba); data/raidutils-0.0.6/raidutil/listdev.cpp:1423:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[BUF_LEN]; data/raidutils-0.0.6/raidutil/listdev.cpp:1573:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( temp_Buf, "d%d", addr_P->hba ); data/raidutils-0.0.6/raidutil/listdev.cpp:1603:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbaRevision[5]; data/raidutils-0.0.6/raidutil/listdev.cpp:1931:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(saveData, engine->fromEng_P, saveSize); data/raidutils-0.0.6/raidutil/listdev.cpp:1944:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[10]; data/raidutils-0.0.6/raidutil/listdev.cpp:1945:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(version, "%d.%c%c", biosSignature.dsVersion, data/raidutils-0.0.6/raidutil/listdev.cpp:1965:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char build[8]; data/raidutils-0.0.6/raidutil/listdev.cpp:2019:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[10]; data/raidutils-0.0.6/raidutil/listdev.cpp:2034:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(engine->fromEng_P, saveData, saveSize); data/raidutils-0.0.6/raidutil/listdev.cpp:2055:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[BUF_LEN]; data/raidutils-0.0.6/raidutil/listdev.cpp:2056:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2[21]; data/raidutils-0.0.6/raidutil/listdev.cpp:2101:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char maxtor_buf[9]; data/raidutils-0.0.6/raidutil/listdev.cpp:2136:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp2, "-------"); data/raidutils-0.0.6/raidutil/listdev.cpp:2229:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[256]; data/raidutils-0.0.6/raidutil/listdev.cpp:2341:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempBuf[5]; data/raidutils-0.0.6/raidutil/listdev.cpp:2342:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (tempBuf, "%d", (int)this_Objs_Tag); data/raidutils-0.0.6/raidutil/nvrambit.cpp:184:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[256]; data/raidutils-0.0.6/raidutil/nvrambit.cpp:200:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (temp_Buf, "d%d", addr_P->hba); data/raidutils-0.0.6/raidutil/nvrambit.cpp:216:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (temp_Buf, "%d", currentStatus); data/raidutils-0.0.6/raidutil/pagemod.hpp:83:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filler[5]; data/raidutils-0.0.6/raidutil/parsargv.hpp:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char concatenated_Argv_Buf[ 1024 ]; data/raidutils-0.0.6/raidutil/parser.cpp:180:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_Arg[ LEN_STRING_ARG ]; data/raidutils-0.0.6/raidutil/parser.cpp:1729:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arrayName[17]; data/raidutils-0.0.6/raidutil/parser.cpp:1890:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string_Arg[ LEN_STRING_ARG ]; data/raidutils-0.0.6/raidutil/parser.cpp:2398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[ 100 ]; data/raidutils-0.0.6/raidutil/parser.cpp:2766:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char component_Buf[ 40 ]; data/raidutils-0.0.6/raidutil/parser.cpp:2861:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ 256 ]; data/raidutils-0.0.6/raidutil/parser.cpp:2862:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ 256 ]; data/raidutils-0.0.6/raidutil/raidutil.cpp:376:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ 512 ]; data/raidutils-0.0.6/raidutil/raidutil.cpp:377:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stripped_Str[ 160 ]; data/raidutils-0.0.6/raidutil/rawdata.cpp:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rtnBuff[BufferLength]; data/raidutils-0.0.6/raidutil/rawdata.cpp:120:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rtnBuff+i,"%x",returned[i]); data/raidutils-0.0.6/raidutil/rawdata.cpp:122:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rtnBuff+i,"%c",returned[i]); data/raidutils-0.0.6/raidutil/rdutlosd.cpp:108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname_and_Path_Buf[ 256 ]; data/raidutils-0.0.6/raidutil/rmwflash.cpp:162:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ 256 ]; data/raidutils-0.0.6/raidutil/rmwflash.cpp:163:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_Buf, "%.*s\r\n", size, original + offset); data/raidutils-0.0.6/raidutil/rmwflash.cpp:188:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (original + offset, data, size); data/raidutils-0.0.6/raidutil/rmwflash.cpp:217:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ 256 ]; data/raidutils-0.0.6/raidutil/rstnvram.cpp:109:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char firmware[ 128 ]; data/raidutils-0.0.6/raidutil/rstnvram.cpp:152:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( get_NVRam_Buf(), nvram.firmware, sizeof( nvram.firmware ) ); data/raidutils-0.0.6/raidutil/scsilist.cpp:96:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Items, items, num_Items * sizeof( SCSI_Address * ) ); data/raidutils-0.0.6/raidutil/scsilist.cpp:151:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Addresses, items, num_Items * sizeof( SCSI_Address *) ); data/raidutils-0.0.6/raidutil/segment.cpp:64:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segSizeArray,segSize, (sizeof(segSize)*ARRAY_SEGMENTS_MAX)); data/raidutils-0.0.6/raidutil/segment.cpp:66:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segOffsetArray,segOffset, (sizeof(segOffset)*ARRAY_SEGMENTS_MAX)); data/raidutils-0.0.6/raidutil/segment.cpp:78:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segSizeArray,new_arraySegment.segSizeArray, data/raidutils-0.0.6/raidutil/segment.cpp:81:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segOffsetArray,new_arraySegment.segOffsetArray, data/raidutils-0.0.6/raidutil/segment.cpp:202:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newArraySegData, currArraySegData, sizeof(currArraySegData)); data/raidutils-0.0.6/raidutil/segment.cpp:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/segment.cpp:477:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( temp_Buf, "------"); data/raidutils-0.0.6/raidutil/segment.cpp:528:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( temp_Buf, "%ld", segData[count].offsetLo); data/raidutils-0.0.6/raidutil/segment.cpp:533:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( temp_Buf, "%d", 0); data/raidutils-0.0.6/raidutil/segment.cpp:535:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( temp_Buf, "%ld", endBlock); data/raidutils-0.0.6/raidutil/setcache.cpp:154:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[ 256 ]; data/raidutils-0.0.6/raidutil/setcache.cpp:227:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&temp_Type, &engine->devInfo_P->objType, sizeof(uSHORT)); data/raidutils-0.0.6/raidutil/setrate.cpp:161:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/setrate.cpp:239:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char * rateString[15]; data/raidutils-0.0.6/raidutil/setspeed.cpp:233:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/setspeed.cpp:242:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf ( temp_Buf, "d%d", addr_P->hba ); data/raidutils-0.0.6/raidutil/setspeed.cpp:255:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpBuf[12]; data/raidutils-0.0.6/raidutil/setspeed.cpp:256:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tmpBuf, "d%db%d", addr_P->hba, channel_Num); data/raidutils-0.0.6/raidutil/showinq.cpp:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/showinq.cpp:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendor_Product_Info_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/showinq.cpp:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bus_Type_and_Address_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/showinq.cpp:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fw_Revision_Buf[ BUF_LEN ]; data/raidutils-0.0.6/raidutil/strlist.cpp:95:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. temp_Items = new char *[ num_Items + right.num_Items ]; data/raidutils-0.0.6/raidutil/strlist.cpp:96:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Items, items, num_Items * sizeof( char * ) ); data/raidutils-0.0.6/raidutil/strlist.cpp:141:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. temp_Strings = new char *[ num_Items + 1 ]; data/raidutils-0.0.6/raidutil/strlist.cpp:148:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( temp_Strings, items, num_Items * sizeof( char * ) ); data/raidutils-0.0.6/raidutil/strlist.cpp:306:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. items = new char *[ right.num_Items ]; data/raidutils-0.0.6/raidutil/swap_em.c:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[4], *dst; data/raidutils-0.0.6/raidutil/taskctrl.cpp:361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[512]; data/raidutils-0.0.6/raidutil/uartdmp.cpp:88:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbaOutStr[50]; data/raidutils-0.0.6/raidutil/uartdmp.cpp:102:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outFile_P = fopen(dumpFileName, "a+"); data/raidutils-0.0.6/raidutil/uartdmp.cpp:150:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[50]; data/raidutils-0.0.6/raidutil/uartdmp.cpp:195:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[1024]; // ask for 1K at a time data/raidutils-0.0.6/raidutil/uartdmp.cpp:202:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserved[16]; data/raidutils-0.0.6/raidutil/zap.cpp:212:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buffer[ 512 ]; data/raidutils-0.0.6/raidutil/zap.cpp:380:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (Buffer, "%ld", 1 - index ); data/raidutils-0.0.6/raidutil/zap.cpp:442:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (Buffer, "%ld", 1 - index ); data/raidutils-0.0.6/lib/ctlr_map.cpp:208:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_entry->device = new char[ strlen (Buffer) + 1 ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:209:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * path = new char[ strlen (Buffer) + 1 ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:210:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * other_path = new char[ strlen (Buffer) + 1 ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:225:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = new char[ strlen (other_path) + sizeof(ls_major) ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:277:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_entry->device = new char[ strlen (Buffer) + 1 ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:393:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_entry->device = new char[ strlen (Buffer) + 1 ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:394:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * path = new char[ strlen (Buffer) + 1 ]; data/raidutils-0.0.6/lib/ctlr_map.cpp:519:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while ((strlen(cp) >= 5) && memcmp (cp, "scsis", 5) // SPARC data/raidutils-0.0.6/lib/ctlr_map.cpp:525:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cp) < 5) data/raidutils-0.0.6/lib/ctlr_map.cpp:1113:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* newString = new char [strlen(String) + 1]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1174:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* ctlrString = new char[strlen(hbaString) + 11]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1211:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* targString = new char[strlen(chanString) + 6]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1227:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* targString = new char[strlen(ctlrString) + 10]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1438:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = new char[sizeof(path) - 3 + strlen (commands) + 1]; data/raidutils-0.0.6/lib/ctlr_map.cpp:1543:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int readOk = ( read ( fd, buffer, sizeof(buffer) ) == sizeof(buffer) ); data/raidutils-0.0.6/lib/engcalls.cpp:564:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((MsgID == -1)&&(strlen(EngineLoadString))) data/raidutils-0.0.6/lib/engcalls.cpp:572:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(EngineLoadString, "&"); data/raidutils-0.0.6/lib/engcalls.cpp:580:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(EngineLoadString) - 1; data/raidutils-0.0.6/lib/engcalls.cpp:753:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((commMsgID == -1) && (strlen(CommEngineLoadString))) data/raidutils-0.0.6/lib/engcalls.cpp:764:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(CommEngineLoadString, "&"); data/raidutils-0.0.6/lib/engcalls.cpp:774:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(CommEngineLoadString) - 1; data/raidutils-0.0.6/lib/engcalls.cpp:805:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). &(CommEngineLoadString[strlen(CommEngineLoadString)-1]); data/raidutils-0.0.6/lib/findpath.c:141:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? malloc (size = strlen(right) + 1) data/raidutils-0.0.6/lib/findpath.c:142:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : realloc (left, size = strlen(left) + strlen(right) + 1)) data/raidutils-0.0.6/lib/findpath.c:142:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : realloc (left, size = strlen(left) + strlen(right) + 1)) data/raidutils-0.0.6/lib/findpath.c:159:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * cp = retVal + strlen(retVal); data/raidutils-0.0.6/lib/findpath.c:189:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * cp = retVal + (size = strlen(retVal)); data/raidutils-0.0.6/lib/findpath.c:323:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && ((path[strlen(path) - 1] == DirectorySeparator[0]) data/raidutils-0.0.6/lib/findpath.c:351:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && ((path[strlen(path) - 1] == DirectorySeparator[0]) data/raidutils-0.0.6/lib/findpath.c:444:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((buffer = (char *)malloc (sizeof(command) - 6 + 10 + strlen(ps) data/raidutils-0.0.6/lib/findpath.c:445:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(grep))) != (char *)NULL) { data/raidutils-0.0.6/lib/findpath.c:498:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && ((length = strlen(_localArgv[0])) > 1) data/raidutils-0.0.6/lib/funcs.c:137:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Len1 = strlen(String1); data/raidutils-0.0.6/lib/funcs.c:138:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Len2 = strlen(String2); data/raidutils-0.0.6/lib/funcs.c:235:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str_P) < n) data/raidutils-0.0.6/lib/funcs.c:236:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(str_P); data/raidutils-0.0.6/lib/funcs.c:454:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/lib/lockunix.c:74:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * templateBuffer = (char *)malloc (strlen(Name)+sizeof(Template)-1); data/raidutils-0.0.6/lib/lockunix.c:80:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((lock = (char *)malloc (strlen(Name)+sizeof(Lock)-1)) == (char *)NULL) { data/raidutils-0.0.6/lib/lockunix.c:91:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (fd, buffer, strlen(buffer)); data/raidutils-0.0.6/lib/lockunix.c:102:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd, buffer, sizeof(buffer)); data/raidutils-0.0.6/lib/lockunix.c:132:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * lock = (char *)malloc (strlen(Name) + sizeof(Lock) - 1); data/raidutils-0.0.6/lib/lockunix.c:151:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * lock = (char *)malloc (strlen(Name) + sizeof(Lock) - 1); data/raidutils-0.0.6/lib/lockunix.c:157:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write (fd, buffer, strlen(buffer)); data/raidutils-0.0.6/lib/lockunix.c:174:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * lock = (char *)malloc (strlen(Name) + sizeof(Lock) - 1); data/raidutils-0.0.6/lib/lockunix.c:185:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read (fd, buffer, sizeof(buffer)); data/raidutils-0.0.6/raideng/device.cpp:1180:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ccb_P->read(0L,1,512,ptrToLong(ccb_P->dataBuff_P)); data/raidutils-0.0.6/raideng/device.cpp:1189:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ccb_P->read(1L,1,512,ptrToLong(ccb_P->dataBuff_P)); data/raidutils-0.0.6/raideng/device.cpp:1199:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ccb_P->read((unsigned long)i+1,1,512,ptrToLong(ccb_P->dataBuff_P)); data/raidutils-0.0.6/raideng/device.cpp:1422:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ccb_P->read(capacity.maxPhysLBA,1,512,ptrToLong(ccb_P->dataBuff_P)); data/raidutils-0.0.6/raideng/device.cpp:3677:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ccb_P->read(rwStartLBA,rwBlocks,(uSHORT)capacity.blockSize, data/raidutils-0.0.6/raideng/dptdebug.h:206:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define DEBUG_strlen(string) strlen((char *)string) data/raidutils-0.0.6/raideng/drv_busy.cpp:72:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Path)]) != (DPTDeviceList *)NULL) { data/raidutils-0.0.6/raideng/drv_busy.cpp:94:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Buffer = new char[sizeof(ls) + strlen(Link->Name) - 1]; data/raidutils-0.0.6/raideng/drv_busy.cpp:108:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Buffer + 1)]) != (DPTDeviceList *)NULL) { data/raidutils-0.0.6/raideng/drv_busy.cpp:212:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { char * name = new char[strlen(Dirs[0][0]) + strlen(Targets[0]) data/raidutils-0.0.6/raideng/drv_busy.cpp:212:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { char * name = new char[strlen(Dirs[0][0]) + strlen(Targets[0]) data/raidutils-0.0.6/raideng/drv_busy.cpp:213:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Suffixes[0][SuffixIndex]) + 1]; data/raidutils-0.0.6/raideng/eng_ccb.hpp:307:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(uLONG,uSHORT,uSHORT,uLONG); data/raidutils-0.0.6/raideng/osd_unix.cpp:665:18: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sig_P->dsSignature,engineSig.dsSignature,6); data/raidutils-0.0.6/raideng/osd_unix.cpp:1710:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = new char[sizeof(path) + strlen (commands) - 1]; data/raidutils-0.0.6/raideng/osd_unix.cpp:1756:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && ((command = new char[sizeof(CheckLabel) - 1 + strlen(name)]) data/raidutils-0.0.6/raideng/osd_unix.cpp:1765:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). = new char[sizeof(Format) - 1 + strlen(name)]) != (char *)NULL) data/raidutils-0.0.6/raideng/osd_unix.cpp:2503:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(uts.version) > 2) data/raidutils-0.0.6/raideng/osd_unix.cpp:2571:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(uts.version) == 5) { data/raidutils-0.0.6/raideng/osd_unix.cpp:3128:26: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(Str," "); data/raidutils-0.0.6/raideng/osd_unix.cpp:3137:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(Str); data/raidutils-0.0.6/raideng/osd_unix.cpp:3707:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). allocated = (char *)malloc(strlen((const char *)DataBuff) + 1); data/raidutils-0.0.6/raideng/osd_unix.cpp:3764:28: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (('0' <= (c = fgetc(fp))) && (c <= '9')) { data/raidutils-0.0.6/raideng/osd_unix.cpp:4985:13: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/osd_unix.cpp:5271:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)userBuff, dkt->dkt_name, USER_BUFF_SIZE); data/raidutils-0.0.6/raideng/osd_unix.cpp:5575:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(String,1,strlen(String),DebugFileHandle); data/raidutils-0.0.6/raideng/osd_unix.cpp:5693:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/osd_unix.cpp:5737:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/osd_unix.cpp:5746:8: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/osd_unix.cpp:5783:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/osd_unix.cpp:5824:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/osd_unix.cpp:5878:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/raidutils-0.0.6/raideng/scsi_ccb.cpp:312:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void scsiCCB_C::read(uLONG startLBA,uSHORT numBlocks, data/raidutils-0.0.6/raideng/stats.h:143:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readStats_S read; // Read stats data/raidutils-0.0.6/raidutil/command.cpp:2129:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (strip_White_Index = strlen( str ) - 1; data/raidutils-0.0.6/raidutil/config.cpp:78:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)strcpy (fileName = new char [strlen (fName) + 5], data/raidutils-0.0.6/raidutil/drv_busy.cpp:71:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Path)]) != (DPTDeviceList *)NULL) { data/raidutils-0.0.6/raidutil/drv_busy.cpp:93:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Buffer = new char[sizeof(ls) + strlen(Link->Name) - 1]; data/raidutils-0.0.6/raidutil/drv_busy.cpp:107:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Buffer + 1)]) != (DPTDeviceList *)NULL) { data/raidutils-0.0.6/raidutil/drv_busy.cpp:211:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { char * name = new char[strlen(Dirs[0][0]) + strlen(Targets[0]) data/raidutils-0.0.6/raidutil/drv_busy.cpp:211:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { char * name = new char[strlen(Dirs[0][0]) + strlen(Targets[0]) data/raidutils-0.0.6/raidutil/drv_busy.cpp:212:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Suffixes[0][SuffixIndex]) + 1]; data/raidutils-0.0.6/raidutil/eventlog.cpp:278:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(RdrStatusString)) data/raidutils-0.0.6/raidutil/eventlog.cpp:296:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(RdrStatusString,"\n"); data/raidutils-0.0.6/raidutil/eventlog.cpp:1750:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(buffer); data/raidutils-0.0.6/raidutil/eventlog.cpp:1807:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ErrorString, " "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2076:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(TypeString," "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2193:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/raidutils-0.0.6/raidutil/eventlog.cpp:2202:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/raidutils-0.0.6/raidutil/flash.cpp:158:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)strcpy (source = new char [ strlen (sourceFile) + 1 ], (const char *) sourceFile); data/raidutils-0.0.6/raidutil/flash.cpp:709:16: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void)strcpy ((char *)ScanType, "?"); data/raidutils-0.0.6/raidutil/flash.cpp:1652:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firmwareStream.read(fileBuf, readSize); data/raidutils-0.0.6/raidutil/flash.cpp:1748:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). firmwareStream.read(fileBuf, readSize); data/raidutils-0.0.6/raidutil/listdev.cpp:1626:7: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(temp_Buf, " "); data/raidutils-0.0.6/raidutil/listdev.cpp:1973:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int i = 0; i < (int) strlen(sig.dsDescription) - 3; i++) data/raidutils-0.0.6/raidutil/namarray.cpp:105:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). engine->Insert(arrayName,strlen(arrayName+1)); data/raidutils-0.0.6/raidutil/namarray.cpp:119:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(int i=strlen(arrayName); i < 16; i++) data/raidutils-0.0.6/raidutil/parsargv.cpp:113:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( concatenated_Argv_Buf, "\""); data/raidutils-0.0.6/raidutil/parsargv.cpp:115:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( concatenated_Argv_Buf, "\""); data/raidutils-0.0.6/raidutil/parsargv.cpp:119:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( concatenated_Argv_Buf, " " ); data/raidutils-0.0.6/raidutil/parser.cpp:140:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int count = strlen(command_Line); data/raidutils-0.0.6/raidutil/parser.cpp:532:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_TASK_BUILD], strlen(EventStrings[STR_CMD_LINE_TASK_BUILD]))) data/raidutils-0.0.6/raidutil/parser.cpp:535:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_BUILD]); data/raidutils-0.0.6/raidutil/parser.cpp:537:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_TASK_REBUILD], strlen(EventStrings[STR_CMD_LINE_TASK_REBUILD]))) data/raidutils-0.0.6/raidutil/parser.cpp:540:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_REBUILD]); data/raidutils-0.0.6/raidutil/parser.cpp:542:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_TASK_STOP], strlen(EventStrings[STR_CMD_LINE_TASK_STOP]))) data/raidutils-0.0.6/raidutil/parser.cpp:545:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_STOP]); data/raidutils-0.0.6/raidutil/parser.cpp:547:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_TASK_LIST], strlen(EventStrings[STR_CMD_LINE_TASK_LIST]))) data/raidutils-0.0.6/raidutil/parser.cpp:550:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_LIST]); data/raidutils-0.0.6/raidutil/parser.cpp:552:99: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_TASK_VERIFY_NO_FIX], strlen(EventStrings[STR_CMD_LINE_TASK_VERIFY_NO_FIX]))) data/raidutils-0.0.6/raidutil/parser.cpp:555:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_VERIFY_NO_FIX]); data/raidutils-0.0.6/raidutil/parser.cpp:557:92: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_TASK_VERIFY], strlen(EventStrings[STR_CMD_LINE_TASK_VERIFY]))) data/raidutils-0.0.6/raidutil/parser.cpp:560:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_VERIFY]); data/raidutils-0.0.6/raidutil/parser.cpp:610:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_OPTIMAL], strlen(EventStrings[STR_CMD_LINE_OPTIMAL]))) data/raidutils-0.0.6/raidutil/parser.cpp:613:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_OPTIMAL]); data/raidutils-0.0.6/raidutil/parser.cpp:615:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_FAIL], strlen(EventStrings[STR_CMD_LINE_FAIL]))) data/raidutils-0.0.6/raidutil/parser.cpp:618:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_FAIL]); data/raidutils-0.0.6/raidutil/parser.cpp:675:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOG_SOFT], strlen(EventStrings[STR_CMD_LINE_LOG_SOFT]))) data/raidutils-0.0.6/raidutil/parser.cpp:678:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOG_SOFT]); data/raidutils-0.0.6/raidutil/parser.cpp:680:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOG_RECOV], strlen(EventStrings[STR_CMD_LINE_LOG_RECOV]))) data/raidutils-0.0.6/raidutil/parser.cpp:683:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOG_RECOV]); data/raidutils-0.0.6/raidutil/parser.cpp:685:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOG_NONRECOV], strlen(EventStrings[STR_CMD_LINE_LOG_NONRECOV]))) data/raidutils-0.0.6/raidutil/parser.cpp:688:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOG_NONRECOV]); data/raidutils-0.0.6/raidutil/parser.cpp:690:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOG_STATUS], strlen(EventStrings[STR_CMD_LINE_LOG_STATUS]))) data/raidutils-0.0.6/raidutil/parser.cpp:693:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOG_STATUS]); data/raidutils-0.0.6/raidutil/parser.cpp:695:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOG_DELETE], strlen(EventStrings[STR_CMD_LINE_LOG_DELETE]))) data/raidutils-0.0.6/raidutil/parser.cpp:698:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOG_DELETE]); data/raidutils-0.0.6/raidutil/parser.cpp:700:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOG_BOARD], strlen(EventStrings[STR_CMD_LINE_LOG_BOARD]))) data/raidutils-0.0.6/raidutil/parser.cpp:703:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOG_BOARD]); data/raidutils-0.0.6/raidutil/parser.cpp:917:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_LOAD], strlen(EventStrings[STR_CMD_LINE_LOAD]))) data/raidutils-0.0.6/raidutil/parser.cpp:920:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_LOAD]); data/raidutils-0.0.6/raidutil/parser.cpp:922:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!memcmp(command_Line, EventStrings[STR_CMD_LINE_SAVE], strlen(EventStrings[STR_CMD_LINE_SAVE]))) data/raidutils-0.0.6/raidutil/parser.cpp:925:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_SAVE]); data/raidutils-0.0.6/raidutil/parser.cpp:1427:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(command_Line, EventStrings[STR_CMD_LINE_TASK_RATE_SLOW], strlen(EventStrings[STR_CMD_LINE_TASK_RATE_SLOW]))) data/raidutils-0.0.6/raidutil/parser.cpp:1430:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_RATE_SLOW]); data/raidutils-0.0.6/raidutil/parser.cpp:1432:111: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, EventStrings[STR_CMD_LINE_TASK_RATE_MEDSLOW], strlen(EventStrings[STR_CMD_LINE_TASK_RATE_MEDSLOW]))) data/raidutils-0.0.6/raidutil/parser.cpp:1435:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_RATE_MEDSLOW]); data/raidutils-0.0.6/raidutil/parser.cpp:1437:111: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, EventStrings[STR_CMD_LINE_TASK_RATE_MEDFAST], strlen(EventStrings[STR_CMD_LINE_TASK_RATE_MEDFAST]))) data/raidutils-0.0.6/raidutil/parser.cpp:1440:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_RATE_MEDFAST]); data/raidutils-0.0.6/raidutil/parser.cpp:1442:107: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, EventStrings[STR_CMD_LINE_TASK_RATE_MED], strlen(EventStrings[STR_CMD_LINE_TASK_RATE_MED]))) data/raidutils-0.0.6/raidutil/parser.cpp:1445:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_RATE_MED]); data/raidutils-0.0.6/raidutil/parser.cpp:1447:108: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, EventStrings[STR_CMD_LINE_TASK_RATE_FAST], strlen(EventStrings[STR_CMD_LINE_TASK_RATE_FAST]))) data/raidutils-0.0.6/raidutil/parser.cpp:1450:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(EventStrings[STR_CMD_LINE_TASK_RATE_FAST]); data/raidutils-0.0.6/raidutil/parser.cpp:1626:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(command_Line, "+clusterfua", strlen("clusterfua"))) data/raidutils-0.0.6/raidutil/parser.cpp:1628:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("clusterfua"); data/raidutils-0.0.6/raidutil/parser.cpp:1642:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(command_Line, "+cachestale", strlen("+cachestale"))) data/raidutils-0.0.6/raidutil/parser.cpp:1644:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("cachestale"); data/raidutils-0.0.6/raidutil/parser.cpp:1655:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+cluster", strlen("cluster"))) data/raidutils-0.0.6/raidutil/parser.cpp:1657:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("cluster"); data/raidutils-0.0.6/raidutil/parser.cpp:1668:72: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+hot_spare_same_channel", strlen("+hot_spare_same_channel"))) data/raidutils-0.0.6/raidutil/parser.cpp:1670:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("hot_spare_same_channel"); data/raidutils-0.0.6/raidutil/parser.cpp:1682:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+setsysconfig", strlen("+setsysconfig"))) data/raidutils-0.0.6/raidutil/parser.cpp:1684:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("setsysconfig"); data/raidutils-0.0.6/raidutil/parser.cpp:1694:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+uartdump", strlen("+uartdump"))) data/raidutils-0.0.6/raidutil/parser.cpp:1696:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("uartdump"); data/raidutils-0.0.6/raidutil/parser.cpp:1704:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fileName[strlen(fileName) -1] == ' ') data/raidutils-0.0.6/raidutil/parser.cpp:1705:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fileName[strlen(fileName) -1] = '\0'; data/raidutils-0.0.6/raidutil/parser.cpp:1712:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(fileName); data/raidutils-0.0.6/raidutil/parser.cpp:1722:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+namearray", strlen("+namearray"))) data/raidutils-0.0.6/raidutil/parser.cpp:1724:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("namearray"); data/raidutils-0.0.6/raidutil/parser.cpp:1751:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(command_Line) > 16) data/raidutils-0.0.6/raidutil/parser.cpp:1776:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+rawdata", strlen("+rawdata"))) data/raidutils-0.0.6/raidutil/parser.cpp:1778:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + 1 + strlen("rawdata"); data/raidutils-0.0.6/raidutil/parser.cpp:1800:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+OEMSpecificName", strlen("+OEMSpecificName"))) data/raidutils-0.0.6/raidutil/parser.cpp:1802:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + strlen("+OEMSpecificName"); data/raidutils-0.0.6/raidutil/parser.cpp:1851:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line += strlen(OEMSpecificName); data/raidutils-0.0.6/raidutil/parser.cpp:1854:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(OEMSpecificName) > 32) data/raidutils-0.0.6/raidutil/parser.cpp:1875:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(command_Line, "+segment", strlen("+segment"))) data/raidutils-0.0.6/raidutil/parser.cpp:1892:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command_Line = command_Line + strlen("+segment"); data/raidutils-0.0.6/raidutil/parser.cpp:2083:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( buffer, this_Commands_Text, end_of_Command - this_Commands_Text ); data/raidutils-0.0.6/raidutil/parser.cpp:2129:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( word, str, end_of_Word - str ); data/raidutils-0.0.6/raidutil/raidutil.cpp:271:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=strlen(argv[0])-1; i>=0; i--) data/raidutils-0.0.6/raidutil/raidutil.cpp:466:23: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int key = getchar(); data/raidutils-0.0.6/raidutil/raidutil.cpp:579:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len_of_Str = strlen( str ); data/raidutils-0.0.6/raidutil/raidutil.cpp:583:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( buf, str, field_Width ); data/raidutils-0.0.6/raidutil/raidutil.cpp:758:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int i = 0; i < (int)strlen(in_str); i++) data/raidutils-0.0.6/raidutil/segment.cpp:229:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newArraySegData[count].name_A, currArraySegData[count].name_A, 16); data/raidutils-0.0.6/raidutil/segment.cpp:313:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(newArraySegData[count].name_A, ""); data/raidutils-0.0.6/raidutil/segment.cpp:322:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(newArraySegData[count].name_A, ""); data/raidutils-0.0.6/raidutil/segment.cpp:405:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(segData_P[count].name_A, ""); data/raidutils-0.0.6/raidutil/segment.cpp:410:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(segData_P[count].name_A, returnSegData[count].name_A, 16); data/raidutils-0.0.6/raidutil/status.cpp:860:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (temp = new char [ 11 + strlen (class_Str) ], "%s %x:%x", data/raidutils-0.0.6/raidutil/status.cpp:865:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (temp = new char [ strlen (Str) + 6 ], "%s %d%%", data/raidutils-0.0.6/raidutil/status.cpp:882:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf (temp = new char [ strlen (Str) + 10 ], EventStrings[STR_STR_OVER_PENDING], data/raidutils-0.0.6/raidutil/strlist.cpp:154:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). items[ num_Items - 1 ] = new char[ strlen( str ) + 1 ]; data/raidutils-0.0.6/raidutil/strlist.cpp:311:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). items[ str_Index ] = new char[ strlen( right.items[ str_Index ] ) + 1 ]; data/raidutils-0.0.6/raidutil/zap.cpp:368:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned i = strlen ( (char *) err ); data/raidutils-0.0.6/raidutil/zap.cpp:374:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i += strlen ( ( (char *) err ) + i ); data/raidutils-0.0.6/raidutil/zap.cpp:430:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned i = strlen ( (char *) err ); data/raidutils-0.0.6/raidutil/zap.cpp:436:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i += strlen ( ( (char *) err ) + i ); ANALYSIS SUMMARY: Hits = 992 Lines analyzed = 123626 in approximately 2.66 seconds (46559 lines/second) Physical Source Lines of Code (SLOC) = 62445 Hits@level = [0] 398 [1] 196 [2] 489 [3] 5 [4] 302 [5] 0 Hits@level+ = [0+] 1390 [1+] 992 [2+] 796 [3+] 307 [4+] 302 [5+] 0 Hits/KSLOC@level+ = [0+] 22.2596 [1+] 15.886 [2+] 12.7472 [3+] 4.91633 [4+] 4.83626 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.