Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/spatialite-tools-5.0.0/spatialite_gml.c Examining data/spatialite-tools-5.0.0/spatialite_dxf.c Examining data/spatialite-tools-5.0.0/spatialite_osm_filter.c Examining data/spatialite-tools-5.0.0/spatialite_osm_raw.c Examining data/spatialite-tools-5.0.0/spatialite_dem.c Examining data/spatialite-tools-5.0.0/spatialite_convert.c Examining data/spatialite-tools-5.0.0/exif_loader.c Examining data/spatialite-tools-5.0.0/spatialite_xml_validator.c Examining data/spatialite-tools-5.0.0/shp_doctor.c Examining data/spatialite-tools-5.0.0/config-msvc.h Examining data/spatialite-tools-5.0.0/spatialite_tool.c Examining data/spatialite-tools-5.0.0/spatialite_network.c Examining data/spatialite-tools-5.0.0/spatialite_xml_print.c Examining data/spatialite-tools-5.0.0/spatialite_osm_overpass.c Examining data/spatialite-tools-5.0.0/shell.c Examining data/spatialite-tools-5.0.0/spatialite_xml2utf8.c Examining data/spatialite-tools-5.0.0/spatialite_osm_map.c Examining data/spatialite-tools-5.0.0/spatialite_xml_collapse.c Examining data/spatialite-tools-5.0.0/spatialite_xml_load.c Examining data/spatialite-tools-5.0.0/spatialite_osm_net.c Examining data/spatialite-tools-5.0.0/shp_sanitize.c FINAL RESULTS: data/spatialite-tools-5.0.0/exif_loader.c:148:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:182:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (str, tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:216:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:356:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:437:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (date, tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:467:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (timestamp, "%s %02d:%02d:%02d.%03d", date, hh, mm, ss, data/spatialite-tools-5.0.0/exif_loader.c:471:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (str, timestamp); data/spatialite-tools-5.0.0/exif_loader.c:937:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (msg, "exif_loader: cannot open file '%s'", file_path); data/spatialite-tools-5.0.0/exif_loader.c:1013:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (file_path, "%s\\%s", dir_path, c_file.name); data/spatialite-tools-5.0.0/exif_loader.c:1031:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (msg, "exif_loader: cannot access dir '%s'", dir_path); data/spatialite-tools-5.0.0/exif_loader.c:1041:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (file_path, "%s/%s", dir_path, entry->d_name); data/spatialite-tools-5.0.0/shell.c:100:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. #define access(f,m) _access((f),(m)) data/spatialite-tools-5.0.0/shell.c:101:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #undef popen data/spatialite-tools-5.0.0/shell.c:102:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define popen(a,b) _popen((a),(b)) data/spatialite-tools-5.0.0/shell.c:428:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->name, name); data/spatialite-tools-5.0.0/shell.c:498:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "DROP TABLE IF EXISTS fdo_%s", p->name); data/spatialite-tools-5.0.0/shell.c:503:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, data/spatialite-tools-5.0.0/shell.c:589:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (sql, "DROP TABLE IF EXISTS fdo_%s", p->name); data/spatialite-tools-5.0.0/shell.c:789:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*table, pt + 1); data/spatialite-tools-5.0.0/shell.c:1381:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:1480:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:1524:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:1577:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:1616:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:1655:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:1694:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, azArg[i]); data/spatialite-tools-5.0.0/shell.c:3585:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (p->out, data/spatialite-tools-5.0.0/shell.c:3975:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. p->out = popen (&azArg[1][1], "w"); data/spatialite-tools-5.0.0/shell.c:4216:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void) system (zCmd); data/spatialite-tools-5.0.0/shell.c:4559:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf ("SQLite %s %s\n" /*extra-version-info */ , data/spatialite-tools-5.0.0/shell.c:5282:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access (data.zDbFilename, 0) == 0) data/spatialite-tools-5.0.0/shp_doctor.c:133:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (path, "%s.shp", base_path); data/spatialite-tools-5.0.0/shp_doctor.c:138:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_open, path, sys_err); data/spatialite-tools-5.0.0/shp_doctor.c:141:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s.shx", base_path); data/spatialite-tools-5.0.0/shp_doctor.c:146:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_open, path, sys_err); data/spatialite-tools-5.0.0/shp_doctor.c:149:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s.dbf", base_path); data/spatialite-tools-5.0.0/shp_doctor.c:154:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_open, path, sys_err); data/spatialite-tools-5.0.0/shp_doctor.c:162:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "SHX"); data/spatialite-tools-5.0.0/shp_doctor.c:167:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "SHX"); data/spatialite-tools-5.0.0/shp_doctor.c:175:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "SHP"); data/spatialite-tools-5.0.0/shp_doctor.c:180:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. printf (err_header, "SHP"); data/spatialite-tools-5.0.0/shp_doctor.c:231:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "DBF"); data/spatialite-tools-5.0.0/shp_doctor.c:236:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "DBF"); data/spatialite-tools-5.0.0/shp_doctor.c:327:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "DBF", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:333:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "DBF", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:341:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:347:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:357:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (null_shape, current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:360:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf (err_shape, shape, x_shape, current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:378:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP point-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:402:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polyline-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:409:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polyline-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:479:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polygon-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:486:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polygon-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:581:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP multipoint-entity", data/spatialite-tools-5.0.0/shp_doctor.c:589:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP multipoint-entity", data/spatialite-tools-5.0.0/shp_doctor.c:763:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (path, "%s.shp", base_path); data/spatialite-tools-5.0.0/shp_doctor.c:768:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_open, path, sys_err); data/spatialite-tools-5.0.0/shp_doctor.c:771:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s.dbf", base_path); data/spatialite-tools-5.0.0/shp_doctor.c:776:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_open, path, sys_err); data/spatialite-tools-5.0.0/shp_doctor.c:785:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "SHP"); data/spatialite-tools-5.0.0/shp_doctor.c:790:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "SHP"); data/spatialite-tools-5.0.0/shp_doctor.c:841:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "DBF"); data/spatialite-tools-5.0.0/shp_doctor.c:846:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "DBF"); data/spatialite-tools-5.0.0/shp_doctor.c:922:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "DBF", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:937:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. printf (err_read, "DBF", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:944:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:950:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:961:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (null_shape, current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:964:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_shape, shape, x_shape, current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:982:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP point-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:1006:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polyline-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:1013:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polyline-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:1083:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). 
Use a constant for the format specification. printf (err_read, "SHP polygon-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:1090:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP polygon-entity", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:1185:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP multipoint-entity", data/spatialite-tools-5.0.0/shp_doctor.c:1193:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "SHP multipoint-entity", data/spatialite-tools-5.0.0/shp_doctor.c:1322:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s", base_path); data/spatialite-tools-5.0.0/shp_doctor.c:1327:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_open, path, sys_err); data/spatialite-tools-5.0.0/shp_doctor.c:1335:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "DBF"); data/spatialite-tools-5.0.0/shp_doctor.c:1340:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_header, "DBF"); data/spatialite-tools-5.0.0/shp_doctor.c:1415:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
printf (err_read, "DBF", current_row + 1); data/spatialite-tools-5.0.0/shp_doctor.c:1429:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf (err_read, "DBF", current_row + 1); data/spatialite-tools-5.0.0/shp_sanitize.c:298:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (xpath, "%s.shx", path); data/spatialite-tools-5.0.0/shp_sanitize.c:303:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "unable to open '%s' for reading: %s", xpath, data/spatialite-tools-5.0.0/shp_sanitize.c:307:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (xpath, "%s.shp", path); data/spatialite-tools-5.0.0/shp_sanitize.c:312:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "unable to open '%s' for reading: %s", xpath, data/spatialite-tools-5.0.0/shp_sanitize.c:316:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (xpath, "%s.dbf", path); data/spatialite-tools-5.0.0/shp_sanitize.c:321:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "unable to open '%s' for reading: %s", xpath, data/spatialite-tools-5.0.0/shp_sanitize.c:375:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "'%s'\ninvalid magic number %02x [FoxBASE format]", data/spatialite-tools-5.0.0/shp_sanitize.c:379:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (errMsg, data/spatialite-tools-5.0.0/shp_sanitize.c:386:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, data/spatialite-tools-5.0.0/shp_sanitize.c:394:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "'%s'\ninvalid magic number %02x [dBASE IV format]", data/spatialite-tools-5.0.0/shp_sanitize.c:398:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "'%s'\ninvalid magic number %02x [unknown format]", data/spatialite-tools-5.0.0/shp_sanitize.c:437:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->Path, path); data/spatialite-tools-5.0.0/shp_sanitize.c:503:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:511:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:525:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:537:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (errMsg, "'%s' is corrupted / has invalid format", path); data/spatialite-tools-5.0.0/shp_sanitize.c:540:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:552:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "'%s' shape=%d is not supported", path, shape); data/spatialite-tools-5.0.0/shp_sanitize.c:555:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:568:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "'%s.dbf' contains unsupported data types", path); data/spatialite-tools-5.0.0/shp_sanitize.c:571:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:681:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "'%s' is corrupted / has invalid format", shp->Path); data/spatialite-tools-5.0.0/shp_sanitize.c:684:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:1679:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (extra, "\n\tcause: %s\n", shp->LastError); data/spatialite-tools-5.0.0/shp_sanitize.c:1855:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s/%s.shx", out_path, name); data/spatialite-tools-5.0.0/shp_sanitize.c:1862:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s/%s.shp", out_path, name); data/spatialite-tools-5.0.0/shp_sanitize.c:1869:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (path, "%s/%s.dbf", out_path, name); data/spatialite-tools-5.0.0/shp_sanitize.c:1907:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (xpath, "%s.shx", path); data/spatialite-tools-5.0.0/shp_sanitize.c:1912:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "unable to open '%s' for writing: %s", xpath, data/spatialite-tools-5.0.0/shp_sanitize.c:1916:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (xpath, "%s.shp", path); data/spatialite-tools-5.0.0/shp_sanitize.c:1921:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (errMsg, "unable to open '%s' for writing: %s", xpath, data/spatialite-tools-5.0.0/shp_sanitize.c:1925:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (xpath, "%s.dbf", path); data/spatialite-tools-5.0.0/shp_sanitize.c:1930:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (errMsg, "unable to open '%s' for writing: %s", xpath, data/spatialite-tools-5.0.0/shp_sanitize.c:1961:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, fld->Name); data/spatialite-tools-5.0.0/shp_sanitize.c:1975:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->Path, path); data/spatialite-tools-5.0.0/shp_sanitize.c:2004:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:2012:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (shp->LastError, errMsg); data/spatialite-tools-5.0.0/shp_sanitize.c:2317:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*expected, str); data/spatialite-tools-5.0.0/shp_sanitize.c:2364:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*actual, str); data/spatialite-tools-5.0.0/shp_sanitize.c:3705:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (extra, "\n\t\tcause: %s\n", shp_in->LastError); data/spatialite-tools-5.0.0/shp_sanitize.c:3731:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (extra, "\n\t\tcause: %s\n", shp_out->LastError); data/spatialite-tools-5.0.0/spatialite_convert.c:200:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp, buf); data/spatialite-tools-5.0.0/spatialite_convert.c:217:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tmp, buf); data/spatialite-tools-5.0.0/spatialite_convert.c:274:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p_table, name); data/spatialite-tools-5.0.0/spatialite_convert.c:312:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p_column, name); data/spatialite-tools-5.0.0/spatialite_convert.c:374:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p_table, name); data/spatialite-tools-5.0.0/spatialite_convert.c:412:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  strcpy (p_column, name);
data/spatialite-tools-5.0.0/spatialite_convert.c:738:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (curr_idx->TableName, p_table);
data/spatialite-tools-5.0.0/spatialite_convert.c:741:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (curr_idx->ColumnName, p_column);
data/spatialite-tools-5.0.0/spatialite_convert.c:1513:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:1525:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "DROP TABLE %s", table);
data/spatialite-tools-5.0.0/spatialite_convert.c:4291:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (xtable, table);
data/spatialite-tools-5.0.0/spatialite_convert.c:4293:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4305:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (gtype, results[(i * columns)]);
data/spatialite-tools-5.0.0/spatialite_convert.c:4401:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (xtable, table);
data/spatialite-tools-5.0.0/spatialite_convert.c:4409:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, "VALUES (Lower('%s'), 'geometry', %d, %d, %d)", xtable,
data/spatialite-tools-5.0.0/spatialite_convert.c:4411:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_convert.c:4458:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, "VALUES ('%s', 'Geometry', '%s', %d)", xtable, xgtype,
data/spatialite-tools-5.0.0/spatialite_convert.c:4460:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_dem.c:285:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(config_struct.dem_path,conf_value);
data/spatialite-tools-5.0.0/spatialite_dem.c:289:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(config_struct.dem_table,conf_value);
data/spatialite-tools-5.0.0/spatialite_dem.c:293:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(config_struct.dem_geometry,conf_value);
data/spatialite-tools-5.0.0/spatialite_dem.c:3306:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(source_config.dem_path,argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3309:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(source_config.dem_table,argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3312:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(source_config.dem_geometry,argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3315:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dem_config.dem_path,argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3318:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dem_config.dem_table,argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3321:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dem_config.dem_geometry,argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3501:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dem_config.dem_geometry,dem_geometry_default);
data/spatialite-tools-5.0.0/spatialite_gml.c:160:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dummy, org);
data/spatialite-tools-5.0.0/spatialite_gml.c:166:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (prefix, dummy);
data/spatialite-tools-5.0.0/spatialite_gml.c:167:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name, dummy + i + 1);
data/spatialite-tools-5.0.0/spatialite_gml.c:173:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (name, org);
data/spatialite-tools-5.0.0/spatialite_gml.c:196:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params->fid_tag, el);
data/spatialite-tools-5.0.0/spatialite_gml.c:197:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params->fid_prefix, prefix);
data/spatialite-tools-5.0.0/spatialite_gml.c:198:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params->fid_name, name);
data/spatialite-tools-5.0.0/spatialite_gml.c:204:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params->fid_tag, el);
data/spatialite-tools-5.0.0/spatialite_gml.c:205:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params->fid_prefix, prefix);
data/spatialite-tools-5.0.0/spatialite_gml.c:206:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (params->fid_name, name);
data/spatialite-tools-5.0.0/spatialite_gml.c:292:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (col->name, name);
data/spatialite-tools-5.0.0/spatialite_gml.c:629:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (col->txt_value, params->CharData);
data/spatialite-tools-5.0.0/spatialite_gml.c:1447:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "CREATE TABLE %s (\n", table);
data/spatialite-tools-5.0.0/spatialite_gml.c:1455:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ",\n%s INTEGER", col->name);
data/spatialite-tools-5.0.0/spatialite_gml.c:1458:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ",\n%s DOUBLE", col->name);
data/spatialite-tools-5.0.0/spatialite_gml.c:1461:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ",\n%s TEXT", col->name);
data/spatialite-tools-5.0.0/spatialite_gml.c:1466:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_gml.c:1480:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "SELECT AddGeometryColumn('%s', 'geometry', %d", table,
data/spatialite-tools-5.0.0/spatialite_gml.c:1525:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "INSERT INTO %s (", table);
data/spatialite-tools-5.0.0/spatialite_gml.c:1530:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", %s", col->name);
data/spatialite-tools-5.0.0/spatialite_gml.c:1531:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:266:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pN.code, code);
data/spatialite-tools-5.0.0/spatialite_network.c:363:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pP->code, code);
data/spatialite-tools-5.0.0/spatialite_network.c:392:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pN->code, code);
data/spatialite-tools-5.0.0/spatialite_network.c:483:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xRowid, FORMAT_64, rowid);
data/spatialite-tools-5.0.0/spatialite_network.c:624:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (last_code, pP->code);
data/spatialite-tools-5.0.0/spatialite_network.c:765:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *) out, pN->code);
data/spatialite-tools-5.0.0/spatialite_network.c:844:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "DROP TABLE IF EXISTS \"%s\"", out_table);
data/spatialite-tools-5.0.0/spatialite_network.c:854:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "CREATE TABLE \"%s\" (", out_table);
data/spatialite-tools-5.0.0/spatialite_network.c:864:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "INSERT INTO \"%s\" (\"Id\", \"NetworkData\") VALUES (?, ?)",
data/spatialite-tools-5.0.0/spatialite_network.c:897:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *) out, table);
data/spatialite-tools-5.0.0/spatialite_network.c:905:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *) out, from_column);
data/spatialite-tools-5.0.0/spatialite_network.c:913:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *) out, to_column);
data/spatialite-tools-5.0.0/spatialite_network.c:925:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *) out, geom_column);
data/spatialite-tools-5.0.0/spatialite_network.c:937:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy ((char *) out, name_column);
data/spatialite-tools-5.0.0/spatialite_network.c:1058:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "DROP TABLE IF EXISTS \"%s\"", virt_table);
data/spatialite-tools-5.0.0/spatialite_network.c:1068:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "CREATE VIRTUAL TABLE \"%s\" USING VirtualNetwork(\"%s\")",
data/spatialite-tools-5.0.0/spatialite_network.c:1267:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_network.c:1289:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "PRAGMA table_info(\"%s\")", table);
data/spatialite-tools-5.0.0/spatialite_network.c:1370:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "SELECT \"%s\", \"%s\", GeometryType(\"%s\")",
data/spatialite-tools-5.0.0/spatialite_network.c:1375:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", cost_column);
data/spatialite-tools-5.0.0/spatialite_network.c:1376:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1381:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_tofrom);
data/spatialite-tools-5.0.0/spatialite_network.c:1382:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1388:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_fromto);
data/spatialite-tools-5.0.0/spatialite_network.c:1389:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1393:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, " FROM \"%s\"", table);
data/spatialite-tools-5.0.0/spatialite_network.c:1394:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1424:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_from,
data/spatialite-tools-5.0.0/spatialite_network.c:1445:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_to, (char *) sqlite3_column_text (stmt, 1));
data/spatialite-tools-5.0.0/spatialite_network.c:1654:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_network.c:1663:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\", GLength(\"%s\")", cost_column,
data/spatialite-tools-5.0.0/spatialite_network.c:1665:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1671:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", GLength(\"%s\")", geom_column);
data/spatialite-tools-5.0.0/spatialite_network.c:1672:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1683:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", cost_column);
data/spatialite-tools-5.0.0/spatialite_network.c:1684:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1688:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", GLength(\"%s\")", geom_column);
data/spatialite-tools-5.0.0/spatialite_network.c:1689:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1695:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_tofrom);
data/spatialite-tools-5.0.0/spatialite_network.c:1696:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1702:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_fromto);
data/spatialite-tools-5.0.0/spatialite_network.c:1703:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1707:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, " FROM \"%s\"", table);
data/spatialite-tools-5.0.0/spatialite_network.c:1708:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:1739:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_from, (char *) sqlite3_column_text (stmt, 1));
data/spatialite-tools-5.0.0/spatialite_network.c:1744:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_to, (char *) sqlite3_column_text (stmt, 2));
data/spatialite-tools-5.0.0/spatialite_network.c:1775:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xRowid, FORMAT_64, rowid);
data/spatialite-tools-5.0.0/spatialite_network.c:1793:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xIdFrom, FORMAT_64, id_from);
data/spatialite-tools-5.0.0/spatialite_network.c:1794:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xIdTo, FORMAT_64, id_to);
data/spatialite-tools-5.0.0/spatialite_network.c:2021:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_network.c:2043:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "PRAGMA table_info(\"%s\")", table);
data/spatialite-tools-5.0.0/spatialite_network.c:2119:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "SELECT \"%s\", \"%s\", \"%s\"", from_column, to_column,
data/spatialite-tools-5.0.0/spatialite_network.c:2124:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_tofrom);
data/spatialite-tools-5.0.0/spatialite_network.c:2125:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:2131:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_fromto);
data/spatialite-tools-5.0.0/spatialite_network.c:2132:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:2136:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, " FROM \"%s\"", table);
data/spatialite-tools-5.0.0/spatialite_network.c:2137:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:2167:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_from,
data/spatialite-tools-5.0.0/spatialite_network.c:2188:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_to, (char *) sqlite3_column_text (stmt, 1));
data/spatialite-tools-5.0.0/spatialite_network.c:2368:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_network.c:2374:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_tofrom);
data/spatialite-tools-5.0.0/spatialite_network.c:2375:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:2381:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, ", \"%s\"", oneway_fromto);
data/spatialite-tools-5.0.0/spatialite_network.c:2382:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:2386:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, " FROM \"%s\"", table);
data/spatialite-tools-5.0.0/spatialite_network.c:2387:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_network.c:2418:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_from, (char *) sqlite3_column_text (stmt, 1));
data/spatialite-tools-5.0.0/spatialite_network.c:2423:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (code_to, (char *) sqlite3_column_text (stmt, 2));
data/spatialite-tools-5.0.0/spatialite_network.c:2438:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xRowid, FORMAT_64, rowid);
data/spatialite-tools-5.0.0/spatialite_network.c:2456:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xIdFrom, FORMAT_64, id_from);
data/spatialite-tools-5.0.0/spatialite_network.c:2457:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf (xIdTo, FORMAT_64, id_to);
data/spatialite-tools-5.0.0/spatialite_osm_map.c:186:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "CREATE TABLE pt_%s (\n", layer->name);
data/spatialite-tools-5.0.0/spatialite_osm_map.c:198:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:211:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "INSERT INTO pt_%s (id, sub_type, name, Geometry) ",
data/spatialite-tools-5.0.0/spatialite_osm_map.c:234:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "CREATE TABLE ln_%s (\n", layer->name);
data/spatialite-tools-5.0.0/spatialite_osm_map.c:246:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:259:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "INSERT INTO ln_%s (id, sub_type, name, Geometry) ",
data/spatialite-tools-5.0.0/spatialite_osm_map.c:282:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "CREATE TABLE pg_%s (\n", layer->name);
data/spatialite-tools-5.0.0/spatialite_osm_map.c:294:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:307:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "INSERT INTO pg_%s (id, sub_type, name, Geometry) ",
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2491:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "SELECT CreateSpatialIndex('%s', '%s')", table, geom);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:703:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, "FROM \"%s\" ", table);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:704:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:708:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, "FROM \"%s\"", table);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:709:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:823:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, "FROM \"%s\" AS w, ", table);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:824:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sql, sql2);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:838:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql, "UPDATE \"%s\" SET node_from = ?, node_to = ? ", table);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:950:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (sql2, "FROM \"%s\"", table);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:951:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat (sql, sql2); data/spatialite-tools-5.0.0/spatialite_osm_net.c:962:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "UPDATE \"%s\" SET length = ?, cost = ? ", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1047:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "CREATE TABLE \"%s_nodes\" (\n", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1061:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "SELECT AddGeometryColumn('%s_nodes', 'geometry', ", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1084:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql2, "FROM \"%s\"", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1085:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sql, sql2); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1096:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, data/spatialite-tools-5.0.0/spatialite_osm_net.c:1180:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql2, "FROM \"%s\"", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1181:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sql, sql2); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1192:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, data/spatialite-tools-5.0.0/spatialite_osm_net.c:1270:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql2, "FROM \"%s_nodes\" AS n ", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1271:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (sql, sql2); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1285:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "UPDATE \"%s_nodes\" SET osm_id = ? ", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1449:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "INSERT INTO \"%s\" ", params->table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1458:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "INSERT INTO \"%s\" ", params->table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1664:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "CREATE TABLE \"%s\" (\n", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1677:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (sql, "CREATE TABLE \"%s\" (\n", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1698:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf (sql, "SELECT AddGeometryColumn('%s', 'geometry', ", table); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1844:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->class_name, class); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1863:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->class_name, class); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1869:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->sub_class, sub_class); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1888:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->class_name, class); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1890:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->sub_class, sub_class); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:225:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy ((char *) (value->txt_blob_value), (const char *) p); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:350:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->table_name, table); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:357:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->parent_table, parent); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:365:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->tag_ns, tag_ns); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:369:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->tag_name, tag_name); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:376:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->geometry, geometry); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:423:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->table_name, table); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:426:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->geometry, geometry); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:566:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (attr->attr_name, name); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1076:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (geom->type, type); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1087:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (geom->dims, dims); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1503:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (attr->xml_reference, name); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1514:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (attr->xml_reference, name); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1829:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (parent, name); data/spatialite-tools-5.0.0/spatialite_xml_load.c:413:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tag->tag_ns, tag_ns); data/spatialite-tools-5.0.0/spatialite_xml_load.c:417:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (tag->tag_name, tag_name); data/spatialite-tools-5.0.0/spatialite_xml_load.c:567:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (attr->attr_value, value); data/spatialite-tools-5.0.0/spatialite_xml_load.c:701:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (xpath, path); data/spatialite-tools-5.0.0/spatialite_xml_load.c:705:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ptr->filename, filename); data/spatialite-tools-5.0.0/spatialite_xml_load.c:774:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*name, str); data/spatialite-tools-5.0.0/spatialite_xml_load.c:782:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (*name, str + pos + 1); data/spatialite-tools-5.0.0/spatialite_xml_print.c:149:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (node->xml_prefix, namespace); data/spatialite-tools-5.0.0/spatialite_xml_print.c:153:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (node->xml_tag, tag); data/spatialite-tools-5.0.0/spatialite_xml_print.c:156:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (node->table, table); data/spatialite-tools-5.0.0/spatialite_xml_print.c:163:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (node->parent_table, parent); data/spatialite-tools-5.0.0/spatialite_xml_print.c:282:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (attr->attr_name, attribute); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:100:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (p->schemaURI, schemaURI); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:220:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (item->path, line); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:317:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ns->Prefix, prefix); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:321:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (ns->Href, href); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:482:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (uri, ptr); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:514:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (uri, data/spatialite-tools-5.0.0/shell.c:210:24: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. HINSTANCE hinstLib = LoadLibrary (TEXT ("Kernel32.dll")); data/spatialite-tools-5.0.0/shell.c:4931:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home_dir = getenv ("USERPROFILE"); data/spatialite-tools-5.0.0/shell.c:4937:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home_dir = getenv ("HOME"); data/spatialite-tools-5.0.0/shell.c:4945:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
zDrive = getenv ("HOMEDRIVE"); data/spatialite-tools-5.0.0/shell.c:4946:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. zPath = getenv ("HOMEPATH"); data/spatialite-tools-5.0.0/spatialite_dem.c:3261:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *spatialite_dem = getenv("SPATIALITE_DEM"); data/spatialite-tools-5.0.0/exif_loader.c:152:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, tag->StringValue, len - 1); data/spatialite-tools-5.0.0/exif_loader.c:186:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, tag->StringValue, len - 1); data/spatialite-tools-5.0.0/exif_loader.c:220:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, tag->StringValue, len - 1); data/spatialite-tools-5.0.0/exif_loader.c:360:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, tag->StringValue, len - 1); data/spatialite-tools-5.0.0/exif_loader.c:413:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[16]; data/spatialite-tools-5.0.0/exif_loader.c:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[32]; data/spatialite-tools-5.0.0/exif_loader.c:428:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (date, "0000-00-00"); data/spatialite-tools-5.0.0/exif_loader.c:475:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, timestamp, len - 1); data/spatialite-tools-5.0.0/exif_loader.c:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_name[128]; data/spatialite-tools-5.0.0/exif_loader.c:513:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/exif_loader.c:514:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char human[1024]; data/spatialite-tools-5.0.0/exif_loader.c:515:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char make[1024]; data/spatialite-tools-5.0.0/exif_loader.c:516:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[1024]; data/spatialite-tools-5.0.0/exif_loader.c:517:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char satellites[1024]; data/spatialite-tools-5.0.0/exif_loader.c:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[32]; data/spatialite-tools-5.0.0/exif_loader.c:519:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[32]; data/spatialite-tools-5.0.0/exif_loader.c:532:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "BEGIN"); data/spatialite-tools-5.0.0/exif_loader.c:541:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/exif_loader.c:543:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/exif_loader.c:545:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/exif_loader.c:624:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/exif_loader.c:626:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "TypeName, CountValues) VALUES (?, ?, ?, ?, ?, ?, ?)"); data/spatialite-tools-5.0.0/exif_loader.c:708:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/exif_loader.c:710:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/exif_loader.c:712:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(?, ?, ?, ?, ?, ?, ?, ?, ?)"); data/spatialite-tools-5.0.0/exif_loader.c:901:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "COMMIT"); data/spatialite-tools-5.0.0/exif_loader.c:911:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "ROLLBACK"); data/spatialite-tools-5.0.0/exif_loader.c:926:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[256]; data/spatialite-tools-5.0.0/exif_loader.c:934:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fl = fopen (file_path, "rb"); data/spatialite-tools-5.0.0/exif_loader.c:997:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_path[1024]; data/spatialite-tools-5.0.0/exif_loader.c:1025:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_path[4096]; data/spatialite-tools-5.0.0/exif_loader.c:1026:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256]; data/spatialite-tools-5.0.0/exif_loader.c:1054:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/exif_loader.c:1091:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TABLE IF NOT EXISTS ExifPhoto (\n"); data/spatialite-tools-5.0.0/exif_loader.c:1092:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "PhotoId INTEGER PRIMARY KEY AUTOINCREMENT,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1093:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "Photo BLOB NOT NULL,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1094:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "PixelX INTEGER,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1095:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "PixelY INTEGER,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1096:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CameraMake TEXT,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1097:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CameraModel TEXT,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1098:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ShotDateTime DOUBLE,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1099:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "GpsGeometry BLOB, "); data/spatialite-tools-5.0.0/exif_loader.c:1100:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "GpsDirection DOUBLE, "); data/spatialite-tools-5.0.0/exif_loader.c:1101:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "GpsSatellites TEXT,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1102:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "GpsTimestamp DOUBLE, "); data/spatialite-tools-5.0.0/exif_loader.c:1103:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FromPath TEXT"); data/spatialite-tools-5.0.0/exif_loader.c:1126:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(\"ExifPhoto\")"); data/spatialite-tools-5.0.0/exif_loader.c:1141:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (results[(i * columns) + 5]) == 0) data/spatialite-tools-5.0.0/exif_loader.c:1189:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS ExifTags (\n"); data/spatialite-tools-5.0.0/exif_loader.c:1190:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "PhotoId INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/exif_loader.c:1191:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "TagId INTEGER NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1192:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "TagName TEXT NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1193:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "GpsTag INTEGER NOT NULL CHECK (GpsTag IN (0, 1)),\n");

data/spatialite-tools-5.0.0/exif_loader.c:1194:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,

data/spatialite-tools-5.0.0/exif_loader.c:1196:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "TypeName TEXT NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1197:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CountValues INTEGER NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1198:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "PRIMARY KEY (PhotoId, TagId)");

data/spatialite-tools-5.0.0/exif_loader.c:1218:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(\"ExifTags\")");

data/spatialite-tools-5.0.0/exif_loader.c:1233:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi (results[(i * columns) + 5]) == 0)

data/spatialite-tools-5.0.0/exif_loader.c:1274:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE IF NOT EXISTS ExifValues (\n");

data/spatialite-tools-5.0.0/exif_loader.c:1275:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "PhotoId INTEGER NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1276:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "TagId INTEGER NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1277:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ValueIndex INTEGER NOT NULL,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1278:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ByteValue BLOB,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1279:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "StringValue TEXT,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1280:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "NumValue INTEGER,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1281:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "NumValueBis INTEGER,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1282:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "DoubleValue DOUBLE,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1283:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "HumanReadable TEXT,\n");

data/spatialite-tools-5.0.0/exif_loader.c:1284:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "PRIMARY KEY (PhotoId, TagId, ValueIndex)");

data/spatialite-tools-5.0.0/exif_loader.c:1307:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(\"ExifValues\")");

data/spatialite-tools-5.0.0/exif_loader.c:1322:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi (results[(i * columns) + 5]) == 0)

data/spatialite-tools-5.0.0/exif_loader.c:1370:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE VIEW IF NOT EXISTS \"ExifMetadata\" AS\n");

data/spatialite-tools-5.0.0/exif_loader.c:1371:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT p.\"PhotoId\" AS 'PhotoId', ");

data/spatialite-tools-5.0.0/exif_loader.c:1372:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "t.\"TagId\" AS 'TagId', ");

data/spatialite-tools-5.0.0/exif_loader.c:1373:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "t.\"TagName\" AS 'TagName',");

data/spatialite-tools-5.0.0/exif_loader.c:1374:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "t.\"GpsTag\" AS 'GpsTag',\n");

data/spatialite-tools-5.0.0/exif_loader.c:1375:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "t.\"ValueType\" AS 'ValueType',");

data/spatialite-tools-5.0.0/exif_loader.c:1376:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "t.\"TypeName\" AS 'TypeName', ");

data/spatialite-tools-5.0.0/exif_loader.c:1377:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "t.\"CountValues\" AS 'CountValues', ");

data/spatialite-tools-5.0.0/exif_loader.c:1378:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"ValueIndex\" AS 'ValueIndex',\n");

data/spatialite-tools-5.0.0/exif_loader.c:1379:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"ByteValue\" AS 'ByteValue', ");

data/spatialite-tools-5.0.0/exif_loader.c:1380:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"StringValue\" AS 'StringValue', ");

data/spatialite-tools-5.0.0/exif_loader.c:1381:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"NumValue\" AS 'NumValue', ");

data/spatialite-tools-5.0.0/exif_loader.c:1382:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"NumValueBis\" AS 'NumValueBis',\n");

data/spatialite-tools-5.0.0/exif_loader.c:1383:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"DoubleValue\" AS 'DoubleValue', ");

data/spatialite-tools-5.0.0/exif_loader.c:1384:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "v.\"HumanReadable\" AS 'HumanReadable'\n");

data/spatialite-tools-5.0.0/exif_loader.c:1385:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,

data/spatialite-tools-5.0.0/exif_loader.c:1387:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,

data/spatialite-tools-5.0.0/exif_loader.c:1406:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];

data/spatialite-tools-5.0.0/exif_loader.c:1415:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT Count(*) from sqlite_master");

data/spatialite-tools-5.0.0/exif_loader.c:1424:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi (results[(i * columns) + 0]);

data/spatialite-tools-5.0.0/exif_loader.c:1432:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT InitSpatialMetadataFull(1)");

data/spatialite-tools-5.0.0/shell.c:329:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mainPrompt[20]; /* First line prompt. default: "spatialite> " */

data/spatialite-tools-5.0.0/shell.c:330:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char continuePrompt[20]; /* Continuation prompt. default: " ...> " */

data/spatialite-tools-5.0.0/shell.c:447:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];

data/spatialite-tools-5.0.0/shell.c:455:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT CheckSpatialMetadata()");

data/spatialite-tools-5.0.0/shell.c:464:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  spatial_type = atoi (results[(i * columns) + 0]);

data/spatialite-tools-5.0.0/shell.c:472:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT DISTINCT f_table_name FROM geometry_columns");

data/spatialite-tools-5.0.0/shell.c:541:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];

data/spatialite-tools-5.0.0/shell.c:549:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT CheckSpatialMetadata()");

data/spatialite-tools-5.0.0/shell.c:558:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  spatial_type = atoi (results[(i * columns) + 0]);

data/spatialite-tools-5.0.0/shell.c:566:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT DISTINCT f_table_name FROM geometry_columns");

data/spatialite-tools-5.0.0/shell.c:617:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char spatialite_charset[1024] = "";

data/spatialite-tools-5.0.0/shell.c:718:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, utf8buf, (maxlen - utf8len) + 1);

data/spatialite-tools-5.0.0/shell.c:756:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buf, utf8buf, (maxlen - utf8len) + 1);

data/spatialite-tools-5.0.0/shell.c:786:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (*prefix, str, len1);

data/spatialite-tools-5.0.0/shell.c:829:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, utf8buf, (maxlen - utf8len) + 1);

data/spatialite-tools-5.0.0/shell.c:1027:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char separator[20]; /* Separator character for MODE_List */

data/spatialite-tools-5.0.0/shell.c:1030:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nullvalue[20]; /* The text to print when a NULL comes back from

data/spatialite-tools-5.0.0/shell.c:1035:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[FILENAME_MAX]; /* Filename for *out */

data/spatialite-tools-5.0.0/shell.c:1293:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (needCsvQuote[((unsigned char *) z)[i]]

data/spatialite-tools-5.0.0/shell.c:1845:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&zIn[nIn], zAppend, nAppend);

data/spatialite-tools-5.0.0/shell.c:1932:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (zErrMsg, sqlite3_errmsg (db), nErrMsg);

data/spatialite-tools-5.0.0/shell.c:2460:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];

data/spatialite-tools-5.0.0/shell.c:2469:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT Count(*) from sqlite_master");

data/spatialite-tools-5.0.0/shell.c:2478:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi (results[(i * columns) + 0]);

data/spatialite-tools-5.0.0/shell.c:2486:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT InitSpatialMetadataFull(1)");

data/spatialite-tools-5.0.0/shell.c:2768:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int val = atoi (zArg);

data/spatialite-tools-5.0.0/shell.c:2818:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (zFile, "wb");

data/spatialite-tools-5.0.0/shell.c:2862:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *azArg[50];

data/spatialite-tools-5.0.0/shell.c:3017:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  precision = atoi (azArg[4]);

data/spatialite-tools-5.0.0/shell.c:3053:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  precision = atoi (azArg[5]);

data/spatialite-tools-5.0.0/shell.c:3076:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srid = atoi (azArg[4]);

data/spatialite-tools-5.0.0/shell.c:3187:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  worksheet = atoi (azArg[3]);

data/spatialite-tools-5.0.0/shell.c:3190:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi (azArg[4]) == 1)

data/spatialite-tools-5.0.0/shell.c:3219:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  page_size = atoi (azArg[6]);

data/spatialite-tools-5.0.0/shell.c:3251:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srid = atoi (azArg[2]);

data/spatialite-tools-5.0.0/shell.c:3321:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alt = fopen (azArg[1], "rb");

data/spatialite-tools-5.0.0/shell.c:3607:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p->explainPrev.colWidth, p->colWidth,

data/spatialite-tools-5.0.0/shell.c:3722:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen (zFile, "rb");

data/spatialite-tools-5.0.0/shell.c:3872:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  iotrace = fopen (azArg[1], "w");

data/spatialite-tools-5.0.0/shell.c:4030:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *alt = fopen (azArg[1], "rb");

data/spatialite-tools-5.0.0/shell.c:4118:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *new_argv[2], *new_colv[2];

data/spatialite-tools-5.0.0/shell.c:4132:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *new_argv[2], *new_colv[2];

data/spatialite-tools-5.0.0/shell.c:4421:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  testctrl = atoi (azArg[1]);

data/spatialite-tools-5.0.0/shell.c:4471:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  unsigned int opt = (unsigned int) atoi (azArg[2]);

data/spatialite-tools-5.0.0/shell.c:4488:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int opt = atoi (azArg[2]);

data/spatialite-tools-5.0.0/shell.c:4534:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sqlite3_busy_timeout (p->db, atoi (azArg[1]));

data/spatialite-tools-5.0.0/shell.c:4589:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  p->colWidth[j - 1] = atoi (azArg[j]);

data/spatialite-tools-5.0.0/shell.c:4771:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (zLine, ";", 2);

data/spatialite-tools-5.0.0/shell.c:4789:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (zSql, zLine, nSql + 1);

data/spatialite-tools-5.0.0/shell.c:4803:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&zSql[nSql], zLine, len + 1);

data/spatialite-tools-5.0.0/shell.c:4848:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zPrefix[100];

data/spatialite-tools-5.0.0/shell.c:4967:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (z, home_dir, n);

data/spatialite-tools-5.0.0/shell.c:5007:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen (sqliterc, "rb");

data/spatialite-tools-5.0.0/shell.c:5077:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data->separator, "|", 2);

data/spatialite-tools-5.0.0/shell.c:5184:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  szHeap = atoi (zSize);
data/spatialite-tools-5.0.0/shell.c:5332:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data.separator, ",", 2);
data/spatialite-tools-5.0.0/shp_doctor.c:67:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/spatialite-tools-5.0.0/shp_doctor.c:69:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf_shx[256];
data/spatialite-tools-5.0.0/shp_doctor.c:74:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bf[1024];
data/spatialite-tools-5.0.0/shp_doctor.c:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field_name[16];
data/spatialite-tools-5.0.0/shp_doctor.c:134:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shp = fopen (path, "rb");
data/spatialite-tools-5.0.0/shp_doctor.c:142:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shx = fopen (path, "rb");
data/spatialite-tools-5.0.0/shp_doctor.c:150:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_dbf = fopen (path, "rb");
data/spatialite-tools-5.0.0/shp_doctor.c:256:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (field_name, bf, 11);
data/spatialite-tools-5.0.0/shp_doctor.c:696:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/spatialite-tools-5.0.0/shp_doctor.c:702:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bf[1024];
data/spatialite-tools-5.0.0/shp_doctor.c:734:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field_name[16];
data/spatialite-tools-5.0.0/shp_doctor.c:764:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shp = fopen (path, "rb");
data/spatialite-tools-5.0.0/shp_doctor.c:772:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_dbf = fopen (path, "rb");
data/spatialite-tools-5.0.0/shp_doctor.c:866:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (field_name, bf, 11);
data/spatialite-tools-5.0.0/shp_doctor.c:1294:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/spatialite-tools-5.0.0/shp_doctor.c:1296:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bf[1024];
data/spatialite-tools-5.0.0/shp_doctor.c:1308:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field_name[16];
data/spatialite-tools-5.0.0/shp_doctor.c:1323:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_dbf = fopen (path, "rb");
data/spatialite-tools-5.0.0/shp_doctor.c:1360:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (field_name, bf, 11);
data/spatialite-tools-5.0.0/shp_sanitize.c:271:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xpath[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:273:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf_shx[256];
data/spatialite-tools-5.0.0/shp_sanitize.c:277:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bf[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:282:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char field_name[2048];
data/spatialite-tools-5.0.0/shp_sanitize.c:284:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:294:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (errMsg,
data/spatialite-tools-5.0.0/shp_sanitize.c:299:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shx = fopen (xpath, "rb");
data/spatialite-tools-5.0.0/shp_sanitize.c:308:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shp = fopen (xpath, "rb");
data/spatialite-tools-5.0.0/shp_sanitize.c:317:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_dbf = fopen (xpath, "rb");
data/spatialite-tools-5.0.0/shp_sanitize.c:416:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (field_name, bf, 11);
data/spatialite-tools-5.0.0/shp_sanitize.c:424:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (field_name, bf, 11);
data/spatialite-tools-5.0.0/shp_sanitize.c:587:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[512];
data/spatialite-tools-5.0.0/shp_sanitize.c:594:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:1676:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extra[512];
data/spatialite-tools-5.0.0/shp_sanitize.c:1853:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:1885:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xpath[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:1891:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errMsg[1024];
data/spatialite-tools-5.0.0/shp_sanitize.c:1898:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/spatialite-tools-5.0.0/shp_sanitize.c:1901:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (errMsg,
data/spatialite-tools-5.0.0/shp_sanitize.c:1908:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shx = fopen (xpath, "wb");
data/spatialite-tools-5.0.0/shp_sanitize.c:1917:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_shp = fopen (xpath, "wb");
data/spatialite-tools-5.0.0/shp_sanitize.c:1926:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fl_dbf = fopen (xpath, "wb");
data/spatialite-tools-5.0.0/shp_sanitize.c:1962:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf_shp, buf, strlen (buf));
data/spatialite-tools-5.0.0/shp_sanitize.c:2029:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/spatialite-tools-5.0.0/shp_sanitize.c:3702:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extra[512];
data/spatialite-tools-5.0.0/shp_sanitize.c:3728:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extra[512];
data/spatialite-tools-5.0.0/spatialite_convert.c:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:89:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(spatialite_history)");
data/spatialite-tools-5.0.0/spatialite_convert.c:129:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:137:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE IF NOT EXISTS ");
data/spatialite-tools-5.0.0/spatialite_convert.c:138:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "spatialite_history (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:139:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "event_id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:140:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "table_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:141:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "geometry_column TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:142:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "event TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:143:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "timestamp TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:144:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ver_sqlite TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:145:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ver_splite TEXT NOT NULL)");
data/spatialite-tools-5.0.0/spatialite_convert.c:156:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO spatialite_history ");
data/spatialite-tools-5.0.0/spatialite_convert.c:157:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(event_id, table_name, geometry_column, event, timestamp, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:158:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ver_sqlite, ver_splite) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:159:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:173:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:197:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:214:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:1459:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:1468:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:1500:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:1628:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:1631:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE views_geometry_columns (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1632:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1633:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_geometry TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1634:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_rowid TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1635:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_table_name VARCHAR(256) NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1636:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_geometry_column VARCHAR(256) NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1637:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT pk_geom_cols_views PRIMARY KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1638:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(view_name, view_geometry),\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1639:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT fk_views_geom_cols FOREIGN KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1640:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(f_table_name, f_geometry_column) REFERENCES ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1641:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "geometry_columns (f_table_name, f_geometry_column) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1642:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ON DELETE CASCADE)");
data/spatialite-tools-5.0.0/spatialite_convert.c:1652:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE INDEX IF NOT EXISTS ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1653:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "idx_viewsjoin ON views_geometry_columns\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1654:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(f_table_name, f_geometry_column)");
data/spatialite-tools-5.0.0/spatialite_convert.c:1673:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:1676:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE views_geometry_columns (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1677:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1678:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_geometry TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1679:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_rowid TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1680:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_table_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1681:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_geometry_column TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1682:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "read_only INTEGER NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1683:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT pk_geom_cols_views ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1684:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "PRIMARY KEY (view_name, view_geometry),\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:1685:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT fk_views_geom_cols FOREIGN KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:1686:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "(f_table_name, f_geometry_column) REFERENCES "); data/spatialite-tools-5.0.0/spatialite_convert.c:1687:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "geometry_columns (f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:1688:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1689:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT ck_vw_rdonly CHECK (read_only IN (0,1)))"); data/spatialite-tools-5.0.0/spatialite_convert.c:1699:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX "); data/spatialite-tools-5.0.0/spatialite_convert.c:1700:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "idx_viewsjoin ON views_geometry_columns\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1701:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column)"); data/spatialite-tools-5.0.0/spatialite_convert.c:1711:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_view_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1712:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1713:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1714:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1716:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1717:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1718:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1720:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1721:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1722:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1724:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1725:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1726:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1734:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TRIGGER vwgc_view_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1735:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE UPDATE OF 'view_name' ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1736:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1737:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1739:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1740:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1741:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1743:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1744:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1745:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1747:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1748:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1749:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1757:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_view_geometry_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1758:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1759:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1760:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1762:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1763:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1764:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1766:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1767:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1768:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1770:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1771:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1772:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1780:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_view_geometry_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1781:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1783:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1784:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1786:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1787:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1788:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1790:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1791:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1792:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1794:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1795:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1796:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1804:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_view_rowid_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1805:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE UPDATE OF 'view_rowid' ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1806:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1807:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1809:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_rowid value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1810:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1811:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1813:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_rowid value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1814:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_rowid LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1815:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1817:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_rowid value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1818:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_rowid <> lower(NEW.view_rowid);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1819:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1827:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_view_rowid_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1828:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1829:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1830:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1832:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_rowid value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1833:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_rowid LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1834:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1836:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_rowid value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1837:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_rowid LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1838:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1840:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_rowid value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1841:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_rowid <> lower(NEW.view_rowid);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1842:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1850:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_f_table_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1851:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1852:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1853:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1855:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1856:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1857:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1859:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1860:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1861:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1863:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1864:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1865:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1873:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_f_table_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1874:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1876:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1877:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1879:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1880:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1881:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1883:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1884:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1885:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1887:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1888:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1889:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1897:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_f_geometry_column_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1898:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1899:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1900:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1902:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1903:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1904:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1906:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1907:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1908:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1910:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1911:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1913:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1921:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER vwgc_f_geometry_column_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1922:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1924:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1925:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1927:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1928:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1929:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1931:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1932:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1933:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1935:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:1936:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1938:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:1971:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:1978:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1980:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:1989:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1991:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:1993:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "Lower(?), Lower(?), Lower(?), 1)"); data/spatialite-tools-5.0.0/spatialite_convert.c:2058:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:2073:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2075:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:2084:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2086:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name, f_geometry_column) VALUES (?, ?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_convert.c:2182:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (results[(i * columns)]) > 0) data/spatialite-tools-5.0.0/spatialite_convert.c:2529:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:2532:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:2533:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "geometry_columns_time (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2534:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2535:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2536:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2538:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2540:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2542:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_gc_time PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:2543:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2544:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_gc_time FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:2545:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2546:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES geometry_columns "); data/spatialite-tools-5.0.0/spatialite_convert.c:2547:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "(f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2548:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE)"); data/spatialite-tools-5.0.0/spatialite_convert.c:2557:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gctm_f_table_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2558:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'geometry_columns_time'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2559:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2560:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2562:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2563:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2564:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2566:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2567:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2568:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2570:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2571:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2572:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2580:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gctm_f_table_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2581:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2583:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2584:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2586:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2587:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2588:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2590:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2591:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2592:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2594:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2595:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2596:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2604:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2606:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'geometry_columns_time'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2607:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2608:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2610:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2611:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2612:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2614:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2615:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2616:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2618:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2619:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2621:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2629:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2631:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2633:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2634:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2636:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2637:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2638:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2640:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2641:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2642:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2644:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2645:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2647:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2656:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT OR IGNORE INTO geometry_columns_time "); data/spatialite-tools-5.0.0/spatialite_convert.c:2657:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2658:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT f_table_name, f_geometry_column "); data/spatialite-tools-5.0.0/spatialite_convert.c:2659:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM geometry_columns"); data/spatialite-tools-5.0.0/spatialite_convert.c:2675:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:2678:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:2679:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "geometry_columns_auth (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2680:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2681:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2682:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "read_only INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2683:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "hidden INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2684:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_gc_auth PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:2685:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2686:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_gc_auth FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:2687:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2688:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "REFERENCES geometry_columns "); data/spatialite-tools-5.0.0/spatialite_convert.c:2689:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2690:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2691:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT ck_gc_ronly CHECK (read_only IN "); data/spatialite-tools-5.0.0/spatialite_convert.c:2692:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(0,1)),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2693:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT ck_gc_hidden CHECK (hidden IN "); data/spatialite-tools-5.0.0/spatialite_convert.c:2694:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(0,1)))"); data/spatialite-tools-5.0.0/spatialite_convert.c:2703:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcau_f_table_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2704:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'geometry_columns_auth'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2705:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2706:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2708:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2709:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2710:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2712:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2713:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2714:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2716:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2717:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2718:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2726:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcau_f_table_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2727:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2729:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2730:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2732:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2733:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2734:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2736:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2737:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2738:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2740:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2741:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2742:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2750:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2752:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'geometry_columns_auth'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2753:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2754:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2756:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2757:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2758:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2760:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2761:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2762:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2764:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2765:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2767:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2775:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2777:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2779:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2780:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2782:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2783:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2784:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2786:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2787:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2788:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2790:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2791:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2793:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2802:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT OR IGNORE INTO geometry_columns_auth "); data/spatialite-tools-5.0.0/spatialite_convert.c:2803:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column, read_only, hidden) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2804:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT f_table_name, f_geometry_column, 0, 0 "); data/spatialite-tools-5.0.0/spatialite_convert.c:2805:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM geometry_columns"); data/spatialite-tools-5.0.0/spatialite_convert.c:2821:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:2824:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:2825:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "views_geometry_columns_auth (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2826:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2827:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2828:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "hidden INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2829:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_vwgc_auth PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:2830:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2831:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_vwgc_auth FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:2832:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2833:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES views_geometry_columns "); data/spatialite-tools-5.0.0/spatialite_convert.c:2834:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "(view_name, view_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:2835:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2836:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT ck_vwgc_hidden CHECK (hidden IN "); data/spatialite-tools-5.0.0/spatialite_convert.c:2837:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(0,1)))"); data/spatialite-tools-5.0.0/spatialite_convert.c:2846:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcau_view_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2847:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'views_geometry_columns_auth'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2848:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2849:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2851:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2852:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2853:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2855:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2856:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2857:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2859:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2860:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2861:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2869:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcau_view_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2870:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2872:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2873:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2875:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2876:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2877:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2879:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2880:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2881:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2883:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2884:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2885:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2893:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcau_view_geometry_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2894:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'views_geometry_columns_auth'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2895:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2896:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2898:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2899:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2900:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2902:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2903:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2904:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2906:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2907:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2908:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2916:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcau_view_geometry_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2917:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2919:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2920:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2922:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2923:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2924:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2926:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2927:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2928:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:2930:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2931:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:2932:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:2941:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT OR IGNORE INTO views_geometry_columns_auth "); data/spatialite-tools-5.0.0/spatialite_convert.c:2942:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat (sql, "(view_name, view_geometry, hidden) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2943:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT view_name, view_geometry, 0 ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2944:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM views_geometry_columns");
data/spatialite-tools-5.0.0/spatialite_convert.c:2960:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:2963:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE IF NOT EXISTS ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2964:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virts_geometry_columns_auth (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2965:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2966:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2967:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "hidden INTEGER NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2968:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT pk_vrtgc_auth PRIMARY KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2969:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(virt_name, virt_geometry),\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2970:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT fk_vrtgc_auth FOREIGN KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2971:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(virt_name, virt_geometry) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2972:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "REFERENCES virts_geometry_columns ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2973:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(virt_name, virt_geometry) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2974:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ON DELETE CASCADE,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2975:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT ck_vrtgc_hidden CHECK (hidden IN ");
data/spatialite-tools-5.0.0/spatialite_convert.c:2976:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(0,1)))");
data/spatialite-tools-5.0.0/spatialite_convert.c:2984:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcau_virt_name_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2985:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns_auth'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2986:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2987:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:2989:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2990:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2991:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:2993:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2994:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2995:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:2997:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2998:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:2999:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:3007:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcau_virt_name_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3008:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3010:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3011:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3013:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3014:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3015:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3017:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3018:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3019:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3021:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3022:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3023:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:3031:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcau_virt_geometry_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3032:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns_auth'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3033:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3034:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3036:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3037:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3038:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3040:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3041:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3042:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3044:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3045:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3046:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:3054:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcau_virt_geometry_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3055:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3057:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3058:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3060:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3061:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3062:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3064:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3065:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3066:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:3068:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3069:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3070:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:3079:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT OR IGNORE INTO virts_geometry_columns_auth ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3080:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(virt_name, virt_geometry, hidden) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3081:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT virt_name, virt_geometry, 0 ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3082:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM virts_geometry_columns");
data/spatialite-tools-5.0.0/spatialite_convert.c:3098:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:3101:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE IF NOT EXISTS ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3102:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "geometry_columns_statistics (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3103:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_table_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3104:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_geometry_column TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3105:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "last_verified TIMESTAMP,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3106:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "row_count INTEGER,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3107:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_x DOUBLE,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3108:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_y DOUBLE,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3109:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_x DOUBLE,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3110:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_y DOUBLE,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3111:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT pk_gc_statistics PRIMARY KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3112:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(f_table_name, f_geometry_column),\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3113:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "CONSTRAINT fk_gc_statistics FOREIGN KEY ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3114:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(f_table_name, f_geometry_column) REFERENCES ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3115:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "geometry_columns (f_table_name, f_geometry_column) ");
data/spatialite-tools-5.0.0/spatialite_convert.c:3116:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ON DELETE CASCADE)");
data/spatialite-tools-5.0.0/spatialite_convert.c:3125:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcs_f_table_name_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3126:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'geometry_columns_statistics'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:3127:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3128:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3130:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3131:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3132:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3134:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3135:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3136:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3138:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3139:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3140:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3148:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcs_f_table_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3149:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3151:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3152:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3154:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3155:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3156:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3158:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3159:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3160:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3162:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3163:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3164:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3172:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcs_f_geometry_column_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3173:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'geometry_columns_statistics'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3174:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3175:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3177:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3178:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3179:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3181:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3182:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3183:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3185:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3186:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3188:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3196:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcs_f_geometry_column_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3197:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3199:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3200:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3202:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3203:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3204:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3206:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3207:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3208:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3210:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3211:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3213:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3222:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:3223:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "geometry_columns_field_infos (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3224:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3225:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3226:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ordinal INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3227:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "column_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3228:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "null_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3229:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3230:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "double_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3231:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "text_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3232:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "blob_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3233:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "max_size INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3234:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_min INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3235:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "integer_max INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3236:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_min DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3237:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_max DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3238:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_gcfld_infos PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3239:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column, ordinal, column_name),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3240:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT fk_gcfld_infos FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3241:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column) REFERENCES "); data/spatialite-tools-5.0.0/spatialite_convert.c:3242:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "geometry_columns (f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3243:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE)"); data/spatialite-tools-5.0.0/spatialite_convert.c:3252:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcfi_f_table_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3253:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'geometry_columns_field_infos'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3254:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3255:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3257:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3258:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3259:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3261:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3262:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3263:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3265:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3266:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3267:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3275:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS gcfi_f_table_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3276:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3278:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3279:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3281:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3282:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3283:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3285:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3286:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3287:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3289:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3290:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3291:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3299:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3301:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'geometry_columns_field_infos'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3302:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3303:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3305:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3306:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3307:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3309:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3310:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3311:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3313:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3314:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3316:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3324:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3326:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3328:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3329:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3331:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_geometry_column value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3332:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3333:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3335:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3336:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3337:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3339:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3340:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3342:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3351:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT OR IGNORE INTO geometry_columns_statistics "); data/spatialite-tools-5.0.0/spatialite_convert.c:3352:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3353:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT f_table_name, f_geometry_column "); data/spatialite-tools-5.0.0/spatialite_convert.c:3354:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM geometry_columns"); data/spatialite-tools-5.0.0/spatialite_convert.c:3370:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:3373:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:3374:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "views_geometry_columns_statistics (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3375:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3376:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3377:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "last_verified TIMESTAMP,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3378:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "row_count INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3379:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_min_x DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3380:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "extent_min_y DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3381:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_max_x DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3382:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_max_y DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3383:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_vwgc_statistics PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3384:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3385:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT fk_vwgc_statistics FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3386:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry) REFERENCES "); data/spatialite-tools-5.0.0/spatialite_convert.c:3387:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "views_geometry_columns (view_name, view_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3388:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE)"); data/spatialite-tools-5.0.0/spatialite_convert.c:3397:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcs_view_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3398:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'views_geometry_columns_statistics'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3399:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3400:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3402:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3403:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3404:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3406:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3407:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3408:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3410:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3411:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3412:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3420:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcs_view_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3421:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3423:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3424:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3426:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3427:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3428:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3430:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3431:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3432:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3434:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3435:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3436:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3444:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcs_view_geometry_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3445:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'views_geometry_columns_statistics'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3446:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3447:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3449:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3450:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3451:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3453:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3454:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3455:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3457:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3458:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3459:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3467:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcs_view_geometry_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3468:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3470:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3471:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3473:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3474:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3475:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3477:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3478:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3479:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3481:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3482:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3483:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3492:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:3493:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "views_geometry_columns_field_infos (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3494:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3495:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3496:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ordinal INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3497:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "column_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3498:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "null_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3499:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3500:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3501:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "text_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3502:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "blob_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3503:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "max_size INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3504:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_min INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3505:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_max INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3506:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_min DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3507:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_max DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3508:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT pk_vwgcfld_infos PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3509:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry, ordinal, column_name),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3510:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_vwgcfld_infos FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3511:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry) REFERENCES "); data/spatialite-tools-5.0.0/spatialite_convert.c:3512:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "views_geometry_columns (view_name, view_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3513:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "ON DELETE CASCADE)"); data/spatialite-tools-5.0.0/spatialite_convert.c:3522:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcfi_view_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3523:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns_field_infos'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3524:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3525:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3527:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3528:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3529:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3531:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3532:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3533:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3535:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3536:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3537:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3545:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcfi_view_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3546:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3548:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3549:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3551:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3552:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3553:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3555:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3556:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3557:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3559:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3560:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_name <> lower(NEW.view_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3561:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3569:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcfi_view_geometry_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3570:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'views_geometry_columns_field_infos'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3571:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3572:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3574:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3575:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3576:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3578:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3579:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3580:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3582:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3583:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3584:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3592:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vwgcfi_view_geometry_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3593:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3595:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3596:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3598:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3599:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3600:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3602:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "view_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3603:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3604:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3606:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3607:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.view_geometry <> lower(NEW.view_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3608:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3617:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT OR IGNORE INTO views_geometry_columns_statistics "); data/spatialite-tools-5.0.0/spatialite_convert.c:3618:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(view_name, view_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3619:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT view_name, view_geometry "); data/spatialite-tools-5.0.0/spatialite_convert.c:3620:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM views_geometry_columns"); data/spatialite-tools-5.0.0/spatialite_convert.c:3636:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:3639:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:3640:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virts_geometry_columns_statistics (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3641:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3642:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3643:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "last_verified TIMESTAMP,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3644:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "row_count INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3645:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_min_x DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3646:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_min_y DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3647:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_max_x DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3648:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "extent_max_y DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3649:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT pk_vrtgc_statistics PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3650:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3651:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_vrtgc_statistics FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3652:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry) REFERENCES "); data/spatialite-tools-5.0.0/spatialite_convert.c:3653:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virts_geometry_columns (virt_name, virt_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3654:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "ON DELETE CASCADE)"); data/spatialite-tools-5.0.0/spatialite_convert.c:3664:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcs_virt_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3665:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns_statistics'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3666:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3667:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3669:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3670:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3671:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3673:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3674:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3675:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3677:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3678:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3679:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3687:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcs_virt_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3688:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3690:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3691:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3693:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3694:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3695:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3697:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3698:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3699:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3701:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3702:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3703:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3711:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcs_virt_geometry_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3712:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns_statistics'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3713:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3714:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3716:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3717:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3718:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3720:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3721:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3722:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3724:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3725:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3726:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3734:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcs_virt_geometry_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3735:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3737:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3738:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3740:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3741:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3742:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3744:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3745:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3746:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3748:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3749:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3750:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3759:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:3760:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virts_geometry_columns_field_infos (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3761:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3762:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3763:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ordinal INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3764:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "column_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3765:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "null_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3766:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3767:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3768:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "text_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3769:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "blob_values INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3770:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "max_size INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3771:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_min INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3772:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_max INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3773:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_min DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3774:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_max DOUBLE,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3775:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_vrtgcfld_infos PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3776:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry, ordinal, column_name),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3777:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_vrtgcfld_infos FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:3778:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry) REFERENCES "); data/spatialite-tools-5.0.0/spatialite_convert.c:3779:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virts_geometry_columns (virt_name, virt_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3780:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (sql, "ON DELETE CASCADE)"); data/spatialite-tools-5.0.0/spatialite_convert.c:3790:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcfi_virt_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3791:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns_field_infos'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3792:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3793:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3795:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3796:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3797:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3799:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3800:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3801:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3803:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3804:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3805:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3813:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcfi_virt_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3814:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3816:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3817:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3819:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3820:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3821:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3823:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3824:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3825:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3827:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3828:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3829:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3837:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcfi_virt_geometry_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3838:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns_field_infos'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3839:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3840:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3842:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3843:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3844:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3846:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3847:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3848:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3850:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3851:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3852:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3860:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgcfi_virt_geometry_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3861:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3863:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3864:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3866:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3867:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3868:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3870:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_geometry value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3871:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3872:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3874:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3875:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3876:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:3885:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT OR IGNORE INTO virts_geometry_columns_statistics "); data/spatialite-tools-5.0.0/spatialite_convert.c:3886:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry) "); data/spatialite-tools-5.0.0/spatialite_convert.c:3887:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT virt_name, virt_geometry "); data/spatialite-tools-5.0.0/spatialite_convert.c:3888:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM virts_geometry_columns"); data/spatialite-tools-5.0.0/spatialite_convert.c:3902:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[4186]; data/spatialite-tools-5.0.0/spatialite_convert.c:3906:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:3907:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sql_statements_log (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3908:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER PRIMARY KEY AUTOINCREMENT,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3909:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3911:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:3913:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "user_agent TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3914:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sql_statement TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3915:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "success INTEGER NOT NULL DEFAULT 0,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3916:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "error_cause TEXT NOT NULL DEFAULT 'ABORTED',\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3917:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT sqllog_success CHECK "); data/spatialite-tools-5.0.0/spatialite_convert.c:3918:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "(success IN (0,1)))"); data/spatialite-tools-5.0.0/spatialite_convert.c:3980:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:3983:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE VIEW geom_cols_ref_sys AS\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3984:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT f_table_name, f_geometry_column, type,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3985:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "coord_dimension, spatial_ref_sys.srid AS srid,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3986:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "auth_name, auth_srid, ref_sys_name, proj4text\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3987:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM geometry_columns, spatial_ref_sys\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:3988:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE geometry_columns.srid = spatial_ref_sys.srid"); data/spatialite-tools-5.0.0/spatialite_convert.c:4007:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4010:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE VIEW geom_cols_ref_sys AS\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4011:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "SELECT f_table_name, f_geometry_column, type,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4012:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "coord_dimension, spatial_ref_sys.srid AS srid,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4013:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "auth_name, auth_srid, ref_sys_name, proj4text, srs_wkt\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4014:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM geometry_columns, spatial_ref_sys\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4015:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE geometry_columns.srid = spatial_ref_sys.srid"); data/spatialite-tools-5.0.0/spatialite_convert.c:4034:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4037:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE VIEW geom_cols_ref_sys AS\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4038:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT f_table_name, f_geometry_column, geometry_type,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4039:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "coord_dimension, spatial_ref_sys.srid AS srid,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4040:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "auth_name, auth_srid, ref_sys_name, proj4text, srtext\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4041:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat (sql, "FROM geometry_columns, spatial_ref_sys\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4042:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE geometry_columns.srid = spatial_ref_sys.srid");
data/spatialite-tools-5.0.0/spatialite_convert.c:4053:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE VIEW vector_layers AS\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4054:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'SpatialTable' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4055:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_table_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4056:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_geometry_column AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4057:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "geometry_type AS geometry_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4058:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "coord_dimension AS coord_dimension, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4059:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srid AS srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4060:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "spatial_index_enabled AS spatial_index_enabled\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4061:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM geometry_columns\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4062:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4063:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'SpatialView' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4064:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "a.view_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4065:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "a.view_geometry AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4066:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "b.geometry_type AS geometry_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4067:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "b.coord_dimension AS coord_dimension, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4068:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "b.srid AS srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4069:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "b.spatial_index_enabled AS spatial_index_enabled\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4070:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM views_geometry_columns AS a\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4071:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "LEFT JOIN geometry_columns AS b ON (");
data/spatialite-tools-5.0.0/spatialite_convert.c:4072:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "Upper(a.f_table_name) = Upper(b.f_table_name) AND ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4073:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "Upper(a.f_geometry_column) = Upper(b.f_geometry_column))\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4074:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4075:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'VirtualShape' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4076:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4077:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4078:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "geometry_type AS geometry_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4079:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "coord_dimension AS coord_dimension, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4080:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srid AS srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4081:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "0 AS spatial_index_enabled\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4082:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM virts_geometry_columns");
data/spatialite-tools-5.0.0/spatialite_convert.c:4092:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE VIEW vector_layers_auth AS\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4093:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'SpatialTable' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4094:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_table_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4095:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_geometry_column AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4096:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "read_only AS read_only, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4097:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "hidden AS hidden\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4098:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM geometry_columns_auth\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4099:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4100:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'SpatialView' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4101:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "a.view_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4102:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "a.view_geometry AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4103:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "b.read_only AS read_only, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4104:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "a.hidden AS hidden\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4105:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM views_geometry_columns_auth AS a\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4106:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "JOIN views_geometry_columns AS b ON (");
data/spatialite-tools-5.0.0/spatialite_convert.c:4107:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "Upper(a.view_name) = Upper(b.view_name) AND ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4108:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "Upper(a.view_geometry) = Upper(b.view_geometry))\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4109:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4110:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'VirtualShape' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4111:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4112:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4113:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "1 AS read_only, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4114:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "hidden AS hidden\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4115:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM virts_geometry_columns_auth");
data/spatialite-tools-5.0.0/spatialite_convert.c:4126:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE VIEW vector_layers_statistics AS\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4127:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'SpatialTable' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4128:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_table_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4129:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "f_geometry_column AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4130:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "last_verified AS last_verified, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4131:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "row_count AS row_count, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4132:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_x AS extent_min_x, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4133:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_y AS extent_min_y, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4134:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_x AS extent_max_x, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4135:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_y AS extent_max_y\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4136:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM geometry_columns_statistics\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4137:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4138:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'SpatialView' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4139:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4140:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "view_geometry AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4141:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "last_verified AS last_verified, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4142:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "row_count AS row_count, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4143:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_x AS extent_min_x, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4144:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_y AS extent_min_y, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4145:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_x AS extent_max_x, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4146:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_y AS extent_max_y\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4147:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM views_geometry_columns_statistics\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4148:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4149:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT 'VirtualShape' AS layer_type, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4150:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name AS table_name, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4151:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry AS geometry_column, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4152:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "last_verified AS last_verified, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4153:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "row_count AS row_count, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4154:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_x AS extent_min_x, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4155:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_min_y AS extent_min_y, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4156:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_x AS extent_max_x, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4157:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "extent_max_y AS extent_max_y\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4158:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FROM virts_geometry_columns_statistics");
data/spatialite-tools-5.0.0/spatialite_convert.c:4169:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE VIEW vector_layers_field_infos AS\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4170:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "SELECT 'SpatialTable' AS layer_type, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4171:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name AS table_name, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4172:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column AS geometry_column, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4173:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ordinal AS ordinal, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4174:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "column_name AS column_name, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4175:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "null_values AS null_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4176:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_values AS integer_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4177:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_values AS double_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4178:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "text_values AS text_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4179:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "blob_values AS blob_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4180:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "max_size AS max_size, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4181:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_min AS integer_min, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4182:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_max AS integer_max, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4183:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_min AS double_min, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4184:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_max double_max\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4185:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FROM geometry_columns_field_infos\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4186:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "UNION\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4187:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT 'SpatialView' AS layer_type, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4188:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_name AS table_name, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4189:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "view_geometry AS geometry_column, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4190:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "ordinal AS ordinal, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4191:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "column_name AS column_name, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4192:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "null_values AS null_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4193:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_values AS integer_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4194:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_values AS double_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4195:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "text_values AS text_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4196:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "blob_values AS blob_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4197:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "max_size AS max_size, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4198:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_min AS integer_min, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4199:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_max AS integer_max, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4200:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "double_min AS double_min, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4201:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_max double_max\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4202:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM views_geometry_columns_field_infos\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4203:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "UNION\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4204:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT 'VirtualShape' AS layer_type, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4205:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "virt_name AS table_name, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4206:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry AS geometry_column, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4207:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ordinal AS ordinal, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4208:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "column_name AS column_name, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4209:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "null_values AS null_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4210:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "integer_values AS integer_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4211:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_values AS double_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4212:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "text_values AS text_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4213:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "blob_values AS blob_values, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4214:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "max_size AS max_size, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4215:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "integer_min AS integer_min, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4216:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "integer_max AS integer_max, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4217:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_min AS double_min, "); data/spatialite-tools-5.0.0/spatialite_convert.c:4218:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "double_max double_max\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4219:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM virts_geometry_columns_field_infos"); data/spatialite-tools-5.0.0/spatialite_convert.c:4275:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql2[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4277:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtable[4096]; data/spatialite-tools-5.0.0/spatialite_convert.c:4278:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gtype[64]; data/spatialite-tools-5.0.0/spatialite_convert.c:4306:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). srid = atoi (results[(i * columns) + 1]); data/spatialite-tools-5.0.0/spatialite_convert.c:4406:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO virts_geometry_columns "); data/spatialite-tools-5.0.0/spatialite_convert.c:4407:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:4456:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO virts_geometry_columns "); data/spatialite-tools-5.0.0/spatialite_convert.c:4457:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry, type, srid) "); data/spatialite-tools-5.0.0/spatialite_convert.c:4477:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_convert.c:4485:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT tbl_name FROM sqlite_master "); data/spatialite-tools-5.0.0/spatialite_convert.c:4486:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE type = 'table' AND sql LIKE '%VirtualShape%' "); data/spatialite-tools-5.0.0/spatialite_convert.c:4487:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "AND sql LIKE 'CREATE VIRTUAL TABLE%'"); data/spatialite-tools-5.0.0/spatialite_convert.c:4516:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_convert.c:4524:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT virt_name FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:4554:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4555:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:4556:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virts_geometry_columns (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4557:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4558:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4559:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "type VARCHAR(30) NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4560:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "srid INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4561:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT pk_geom_cols_virts PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:4562:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(virt_name, virt_geometry),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4563:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_vgc_srid FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:4564:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid) REFERENCES spatial_ref_sys (srid))"); data/spatialite-tools-5.0.0/spatialite_convert.c:4573:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX IF NOT EXISTS "); data/spatialite-tools-5.0.0/spatialite_convert.c:4574:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "idx_virtssrid ON virts_geometry_columns\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4575:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid)"); data/spatialite-tools-5.0.0/spatialite_convert.c:4593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4594:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE "); data/spatialite-tools-5.0.0/spatialite_convert.c:4595:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virts_geometry_columns (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4596:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4597:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "virt_geometry TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4598:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "geometry_type INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4599:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "coord_dimension INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4600:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "srid INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4601:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_geom_cols_virts PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:4602:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "(virt_name, virt_geometry),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4603:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_vgc_srid FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:4604:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid) REFERENCES spatial_ref_sys (srid))"); data/spatialite-tools-5.0.0/spatialite_convert.c:4613:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX "); data/spatialite-tools-5.0.0/spatialite_convert.c:4614:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "idx_virtssrid ON virts_geometry_columns\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:4615:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat (sql, "(srid)");
data/spatialite-tools-5.0.0/spatialite_convert.c:4624:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_virt_name_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4625:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4626:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4627:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4629:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4630:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4631:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4633:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4634:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4635:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4637:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4638:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4639:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4647:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_virt_name_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4648:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE UPDATE OF 'virt_name' ON 'virts_geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4649:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4650:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4652:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4653:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4654:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4656:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4657:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4658:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4660:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_name value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4661:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_name <> lower(NEW.virt_name);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4662:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4670:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_virt_geometry_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4671:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4672:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4673:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4675:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4676:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4677:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4679:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4680:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4681:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4683:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4684:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4685:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4693:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_virt_geometry_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4694:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4696:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4697:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4699:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4700:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4701:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4703:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4704:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4705:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4707:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "virt_geometry value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4708:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NEW.virt_geometry <> lower(NEW.virt_geometry);\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4709:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4717:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_geometry_type_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4718:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4719:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4720:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT RAISE(ABORT,'geometry_type must be one of ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4721:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4722:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4723:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4724:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4725:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NOT(NEW.geometry_type IN (0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4726:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4727:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4728:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4729:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4737:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_geometry_type_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4738:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4740:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4741:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT RAISE(ABORT,'geometry_type must be one of ");
data/spatialite-tools-5.0.0/spatialite_convert.c:4742:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4743:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4744:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4745:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4746:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NOT(NEW.geometry_type IN (0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4747:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4748:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:4749:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4750:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4758:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_coord_dimension_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4759:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "BEFORE INSERT ON 'virts_geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4760:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4761:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4763:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NOT(NEW.coord_dimension IN (2,3,4));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4764:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4772:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TRIGGER IF NOT EXISTS vtgc_coord_dimension_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4773:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4775:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4776:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:4778:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE NOT(NEW.coord_dimension IN (2,3,4));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:4779:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:4851:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:4859:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:4861:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:4870:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:4872:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:4940:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:4948:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:4950:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:4959:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:4961:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5043:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5051:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5053:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:5062:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5064:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5137:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5139:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "srid, spatial_index_enabled "); data/spatialite-tools-5.0.0/spatialite_convert.c:5140:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:5149:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5151:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5240:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5252:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5254:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:5263:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5265:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5379:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5381:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM \"cvt-input tmp-cvt\""); data/spatialite-tools-5.0.0/spatialite_convert.c:5390:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5392:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5600:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5601:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE geometry_columns (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5602:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name VARCHAR(256) NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5603:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column VARCHAR(256) NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5604:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "type VARCHAR(30) NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5605:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "coord_dimension INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5606:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "srid INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5607:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "spatial_index_enabled INTEGER NOT NULL)"); data/spatialite-tools-5.0.0/spatialite_convert.c:5626:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5627:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE geometry_columns (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5628:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5629:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_geometry_column TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5630:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "type TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5631:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "coord_dimension TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5632:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "srid INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5633:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "spatial_index_enabled INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5634:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_geom_cols PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:5635:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5636:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_gc_srs FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:5637:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid) REFERENCES spatial_ref_sys (srid))"); data/spatialite-tools-5.0.0/spatialite_convert.c:5646:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE INDEX idx_srid_geocols ON geometry_columns\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5647:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid) "); data/spatialite-tools-5.0.0/spatialite_convert.c:5666:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_convert.c:5667:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE geometry_columns (\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5668:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5669:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_geometry_column TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5670:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "geometry_type INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5671:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "coord_dimension INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5672:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "srid INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5673:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "spatial_index_enabled INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5674:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT pk_geom_cols PRIMARY KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:5675:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(f_table_name, f_geometry_column),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5676:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_gc_srs FOREIGN KEY "); data/spatialite-tools-5.0.0/spatialite_convert.c:5677:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid) REFERENCES spatial_ref_sys (srid),\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5678:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT ck_gc_rtree CHECK "); data/spatialite-tools-5.0.0/spatialite_convert.c:5679:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "(spatial_index_enabled IN (0,1,2)))"); data/spatialite-tools-5.0.0/spatialite_convert.c:5688:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_srid_geocols ON geometry_columns\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5689:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "(srid) "); data/spatialite-tools-5.0.0/spatialite_convert.c:5700:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER geometry_columns_f_table_name_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5701:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE INSERT ON 'geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5702:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5703:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5705:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5706:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5707:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5709:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5710:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5711:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5713:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5714:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5715:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:5725:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER geometry_columns_f_table_name_update\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5726:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "BEFORE UPDATE OF 'f_table_name' ON 'geometry_columns'\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5727:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FOR EACH ROW BEGIN\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5728:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5730:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "f_table_name value must not contain a single quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5731:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%''%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5732:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5734:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must not contain a double quote')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5735:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name LIKE ('%\"%');\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5736:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, data/spatialite-tools-5.0.0/spatialite_convert.c:5738:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "f_table_name value must be lower case')\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5739:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE NEW.f_table_name <> lower(NEW.f_table_name);\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5740:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "END"); data/spatialite-tools-5.0.0/spatialite_convert.c:5750:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TRIGGER geometry_columns_f_geometry_column_insert\n"); data/spatialite-tools-5.0.0/spatialite_convert.c:5751:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "BEFORE INSERT ON 'geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5752:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5753:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5755:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "f_geometry_column value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5756:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5757:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5759:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "f_geometry_column value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5760:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5761:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5763:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "f_geometry_column value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5764:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5766:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:5776:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "CREATE TRIGGER geometry_columns_f_geometry_column_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5777:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5779:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5780:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5782:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "f_geometry_column value must not contain a single quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5783:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%''%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5784:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5786:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "f_geometry_column value must not contain a double quote')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5787:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NEW.f_geometry_column LIKE ('%\"%');\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5788:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5790:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "f_geometry_column value must be lower case')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5791:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5793:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:5803:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "CREATE TRIGGER geometry_columns_geometry_type_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5804:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "BEFORE INSERT ON 'geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5805:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5806:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "SELECT RAISE(ABORT,'geometry_type must be one of ");
data/spatialite-tools-5.0.0/spatialite_convert.c:5807:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5808:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5809:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5810:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5811:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NOT(NEW.geometry_type IN (0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5812:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5813:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5814:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5815:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:5825:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "CREATE TRIGGER geometry_columns_geometry_type_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5826:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "BEFORE UPDATE OF 'geometry_type' ON 'geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5827:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5828:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "SELECT RAISE(ABORT,'geometry_type must be one of ");
data/spatialite-tools-5.0.0/spatialite_convert.c:5829:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5830:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5831:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5832:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007')\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5833:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NOT(NEW.geometry_type IN (0,1,2,3,4,5,6,7,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5834:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "1000,1001,1002,1003,1004,1005,1006,1007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5835:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "2000,2001,2002,2003,2004,2005,2006,2007,");
data/spatialite-tools-5.0.0/spatialite_convert.c:5836:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "3000,3001,3002,3003,3004,3005,3006,3007));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5837:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:5847:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "CREATE TRIGGER geometry_columns_coord_dimension_insert\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5848:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "BEFORE INSERT ON 'geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5849:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5850:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5852:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NOT(NEW.coord_dimension IN (2,3,4));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5853:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:5863:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "CREATE TRIGGER geometry_columns_coord_dimension_update\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5864:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "BEFORE UPDATE OF 'coord_dimension' ON 'geometry_columns'\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5865:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FOR EACH ROW BEGIN\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5866:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:5868:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "WHERE NOT(NEW.coord_dimension IN (2,3,4));\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:5869:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "END");
data/spatialite-tools-5.0.0/spatialite_convert.c:5941:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:5949:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "SELECT srid, auth_name, auth_srid, ref_sys_name, proj4text ");
data/spatialite-tools-5.0.0/spatialite_convert.c:5950:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FROM \"cvt-input tmp-cvt\"");
data/spatialite-tools-5.0.0/spatialite_convert.c:5959:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:5960:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "ref_sys_name, proj4text) VALUES (?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6037:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "SELECT srid, auth_name, auth_srid, ref_sys_name, proj4text ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6038:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FROM \"cvt-input tmp-cvt\"");
data/spatialite-tools-5.0.0/spatialite_convert.c:6047:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6048:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "ref_sys_name, proj4text) VALUES (?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6126:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "SELECT srid, auth_name, auth_srid, ref_sys_name, proj4text ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6127:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FROM \"cvt-input tmp-cvt\"");
data/spatialite-tools-5.0.0/spatialite_convert.c:6136:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6137:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "ref_sys_name, proj4text) VALUES (?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6214:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:6216:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FROM \"cvt-input tmp-cvt\"");
data/spatialite-tools-5.0.0/spatialite_convert.c:6225:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6226:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "ref_sys_name, proj4text, srtext) VALUES (?, ?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6314:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "SELECT srid, auth_name, auth_srid, ref_sys_name, proj4text ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6315:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FROM \"cvt-input tmp-cvt\"");
data/spatialite-tools-5.0.0/spatialite_convert.c:6324:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6325:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "ref_sys_name, proj4text) VALUES (?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6391:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6399:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_convert.c:6401:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, "FROM \"cvt-input tmp-cvt\"");
data/spatialite-tools-5.0.0/spatialite_convert.c:6410:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy (sql, "INSERT INTO spatial_ref_sys (srid, auth_name, auth_srid, ");
data/spatialite-tools-5.0.0/spatialite_convert.c:6411:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ref_sys_name, proj4text, srs_wkt) VALUES (?, ?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6485:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6486:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE spatial_ref_sys (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6487:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srid INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6488:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "auth_name VARCHAR(256) NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6489:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "auth_srid INTEGER NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6490:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ref_sys_name VARCHAR(256),\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6491:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "proj4text VARCHAR(2048) NOT NULL)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6510:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE spatial_ref_sys (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6511:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srid INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6512:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "auth_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6513:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "auth_srid INTEGER NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6514:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ref_sys_name TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6515:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "proj4text TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6516:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srs_wkt TEXT)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6524:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE UNIQUE INDEX idx_spatial_ref_sys \n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6525:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ON spatial_ref_sys (auth_srid, auth_name)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6544:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_convert.c:6545:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE spatial_ref_sys (\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6546:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srid INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6547:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "auth_name TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6548:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "auth_srid INTEGER NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6549:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ref_sys_name TEXT NOT NULL DEFAULT 'Unknown',\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6550:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "proj4text TEXT NOT NULL,\n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6551:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "srtext TEXT NOT NULL DEFAULT 'Undefined')");
data/spatialite-tools-5.0.0/spatialite_convert.c:6559:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE UNIQUE INDEX idx_spatial_ref_sys \n");
data/spatialite-tools-5.0.0/spatialite_convert.c:6560:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ON spatial_ref_sys (auth_srid, auth_name)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6648:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi (results[(i * columns) + 0]) == 1)
data/spatialite-tools-5.0.0/spatialite_convert.c:6681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:6691:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT coord_dimension FROM geometry_columns");
data/spatialite-tools-5.0.0/spatialite_convert.c:6723:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:6733:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT geometry_type FROM geometry_columns");
data/spatialite-tools-5.0.0/spatialite_convert.c:6743:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi (results[(i * columns) + 0]);
data/spatialite-tools-5.0.0/spatialite_convert.c:6809:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  value = atoi (results[(i * columns) + 0]);
data/spatialite-tools-5.0.0/spatialite_convert.c:6825:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_convert.c:6852:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(geometry_columns)");
data/spatialite-tools-5.0.0/spatialite_convert.c:6888:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(spatial_ref_sys)");
data/spatialite-tools-5.0.0/spatialite_convert.c:7028:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  version = atoi (argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:186:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dem_path[MAXBUF];
data/spatialite-tools-5.0.0/spatialite_dem.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dem_table[MAXBUF];
data/spatialite-tools-5.0.0/spatialite_dem.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dem_geometry[MAXBUF];
data/spatialite-tools-5.0.0/spatialite_dem.c:266:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *conf_file = fopen(conf_filename, "r");
data/spatialite-tools-5.0.0/spatialite_dem.c:269:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXBUF];
data/spatialite-tools-5.0.0/spatialite_dem.c:317:36: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  config_struct.dem_rows_count=atol(conf_value);
data/spatialite-tools-5.0.0/spatialite_dem.c:321:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  config_struct.dem_srid=atoi(conf_value);
data/spatialite-tools-5.0.0/spatialite_dem.c:325:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  config_struct.default_srid=atoi(conf_value);
data/spatialite-tools-5.0.0/spatialite_dem.c:361:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *conf_file = fopen(conf_filename, "w");
data/spatialite-tools-5.0.0/spatialite_dem.c:1798:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_dem.c:1807:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sql, "SELECT Count(*) from sqlite_master");
data/spatialite-tools-5.0.0/spatialite_dem.c:1816:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi (results[(i * columns) + 0]);
data/spatialite-tools-5.0.0/spatialite_dem.c:1824:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sql, "SELECT InitSpatialMetadataFull(1)");
data/spatialite-tools-5.0.0/spatialite_dem.c:1867:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *xyz_file = fopen(xyz_filename, "rt");
data/spatialite-tools-5.0.0/spatialite_dem.c:1874:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXBUF];
data/spatialite-tools-5.0.0/spatialite_dem.c:2104:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *xyz_file = fopen(xyz_path_filename, "rt");
data/spatialite-tools-5.0.0/spatialite_dem.c:2107:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXBUF];
data/spatialite-tools-5.0.0/spatialite_dem.c:2321:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *db_file = fopen(path_dem, "r");
data/spatialite-tools-5.0.0/spatialite_dem.c:3329:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  copy_m = atoi(argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3344:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  source_config.default_srid = atoi(argv[i]);
data/spatialite-tools-5.0.0/spatialite_dem.c:3345:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dem_config.default_srid = atoi(argv[i]);
data/spatialite-tools-5.0.0/spatialite_dxf.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_dxf.c:82:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT Count(*) from sqlite_master");
data/spatialite-tools-5.0.0/spatialite_dxf.c:91:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi (results[(i * columns) + 0]);
data/spatialite-tools-5.0.0/spatialite_dxf.c:99:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT InitSpatialMetadataFull(1)");
data/spatialite-tools-5.0.0/spatialite_dxf.c:224:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srid = atoi (argv[i]);
data/spatialite-tools-5.0.0/spatialite_dxf.c:227:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cache_size = atoi (argv[i]);
data/spatialite-tools-5.0.0/spatialite_gml.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fid_tag[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fid_prefix[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fid_name[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:307:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:308:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:372:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  srid = atoi (srs + i + 1);
data/spatialite-tools-5.0.0/spatialite_gml.c:434:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (params->CharData + params->CharDataLen, s, len);
data/spatialite-tools-5.0.0/spatialite_gml.c:602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:603:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:942:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coord[128];
data/spatialite-tools-5.0.0/spatialite_gml.c:1012:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char coord[128];
data/spatialite-tools-5.0.0/spatialite_gml.c:1273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:1282:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT Count(*) from sqlite_master");
data/spatialite-tools-5.0.0/spatialite_gml.c:1291:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  count = atoi (results[(i * columns) + 0]);
data/spatialite-tools-5.0.0/spatialite_gml.c:1299:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT InitSpatialMetadataFull(1)");
data/spatialite-tools-5.0.0/spatialite_gml.c:1315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:1355:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(geometry_columns)");
data/spatialite-tools-5.0.0/spatialite_gml.c:1391:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "PRAGMA table_info(spatial_ref_sys)");
data/spatialite-tools-5.0.0/spatialite_gml.c:1440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[4192];
data/spatialite-tools-5.0.0/spatialite_gml.c:1441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql2[1024];
data/spatialite-tools-5.0.0/spatialite_gml.c:1448:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "PkUID INTEGER PRIMARY KEY AUTOINCREMENT");
data/spatialite-tools-5.0.0/spatialite_gml.c:1470:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "\n)");
data/spatialite-tools-5.0.0/spatialite_gml.c:1485:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, ", 'POINT'");
data/spatialite-tools-5.0.0/spatialite_gml.c:1489:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, ", 'MULTIPOINT'");
data/spatialite-tools-5.0.0/spatialite_gml.c:1493:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, ", 'LINESTRING'");
data/spatialite-tools-5.0.0/spatialite_gml.c:1497:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, ", 'MULTILINESTRING'");
data/spatialite-tools-5.0.0/spatialite_gml.c:1501:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat (sql, ", 'POLYGON'"); data/spatialite-tools-5.0.0/spatialite_gml.c:1505:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ", 'MULTIPOLYGON'"); data/spatialite-tools-5.0.0/spatialite_gml.c:1509:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ", 'GEOMETRYCOLLECTION'"); data/spatialite-tools-5.0.0/spatialite_gml.c:1513:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ", 'XY')"); data/spatialite-tools-5.0.0/spatialite_gml.c:1526:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "PkUID"); data/spatialite-tools-5.0.0/spatialite_gml.c:1534:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ", geometry) VALUES (NULL"); data/spatialite-tools-5.0.0/spatialite_gml.c:1538:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ", ?"); data/spatialite-tools-5.0.0/spatialite_gml.c:1541:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ", ?)"); data/spatialite-tools-5.0.0/spatialite_gml.c:1634:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buff[BUFFSIZE]; data/spatialite-tools-5.0.0/spatialite_gml.c:1831:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). xml_file = fopen (gml_path, "rb"); data/spatialite-tools-5.0.0/spatialite_network.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code[32]; data/spatialite-tools-5.0.0/spatialite_network.c:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char code[32]; data/spatialite-tools-5.0.0/spatialite_network.c:262:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pN.code, code, 31); data/spatialite-tools-5.0.0/spatialite_network.c:359:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pP->code, code, 31); data/spatialite-tools-5.0.0/spatialite_network.c:482:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xRowid[128]; data/spatialite-tools-5.0.0/spatialite_network.c:565:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_code[32]; data/spatialite-tools-5.0.0/spatialite_network.c:814:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:834:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "BEGIN"); data/spatialite-tools-5.0.0/spatialite_network.c:855:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "\"Id\" INTEGER PRIMARY KEY, \"NetworkData\" BLOB NOT NULL)"); data/spatialite-tools-5.0.0/spatialite_network.c:1004:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, auxbuf, size); data/spatialite-tools-5.0.0/spatialite_network.c:1027:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "COMMIT"); data/spatialite-tools-5.0.0/spatialite_network.c:1054:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1087:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1096:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_network.c:1105:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_network.c:1113:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_network.c:1136:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1137:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql2[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code_from[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char code_to[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xRowid[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xIdFrom[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xIdTo[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1904:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1905:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql2[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1946:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code_from[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1947:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char code_to[1024]; data/spatialite-tools-5.0.0/spatialite_network.c:1951:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xRowid[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1952:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xIdFrom[128]; data/spatialite-tools-5.0.0/spatialite_network.c:1953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xIdTo[128]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:180:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT node_id FROM osm_nodes WHERE filtered = 1"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:189:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT n.node_id, n.version, n.timestamp, "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:190:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "n.uid, n.user, n.changeset, ST_X(n.Geometry), "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:191:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ST_Y(n.Geometry), t.k, t.v "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:192:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FROM osm_nodes AS n "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:193:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "LEFT JOIN osm_node_tags AS t ON (t.node_id = n.node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:194:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE n.node_id = ? "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:195:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ORDER BY n.node_id, t.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:348:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:356:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "SELECT way_id FROM osm_ways WHERE filtered = 1"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:365:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT w.way_id, w.version, w.timestamp, w.uid, "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:366:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "w.user, w.changeset, n.node_id "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:367:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_ways AS w "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:368:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "JOIN osm_way_refs AS n ON (n.way_id = w.way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:369:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE w.way_id = ? 
"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:370:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ORDER BY w.way_id, n.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:379:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT t.k, t.v "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:380:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_ways AS w "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:381:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "JOIN osm_way_tags AS t ON (t.way_id = w.way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:382:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE w.way_id = ? "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:383:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ORDER BY w.way_id, t.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:560:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:570:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT rel_id FROM osm_relations WHERE filtered = 1"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:579:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT r.rel_id, r.version, r.timestamp, r.uid, "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:580:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "r.user, r.changeset, n.role, n.ref "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:581:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:582:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:584:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE r.rel_id = ? "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:585:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ORDER BY r.rel_id, n.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:594:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT r.rel_id, r.version, r.timestamp, r.uid, "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:595:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "r.user, r.changeset, w.role, w.ref "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:596:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:597:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:599:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE r.rel_id = ? "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:600:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ORDER BY r.rel_id, w.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:609:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "SELECT r.rel_id, r.version, r.timestamp, r.uid, "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:610:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "r.user, r.changeset, x.role, x.ref "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:611:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:612:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:614:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE r.rel_id = ? "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:615:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "ORDER BY r.rel_id, x.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:624:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT t.k, t.v "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:625:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:626:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "JOIN osm_relation_tags AS t ON (t.rel_id = r.rel_id) "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:627:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE r.rel_id = ? "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:628:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "ORDER BY r.rel_id, t.sub"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:823:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:828:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA journal_mode=OFF"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:838:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_nodes SET filtered = 0"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:848:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_ways SET filtered = 0"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:858:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_relations SET filtered = 0"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:868:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA journal_mode=DELETE"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:888:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_relations SET filtered = 1 "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:889:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE rel_id IN ("); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:890:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT x.ref "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:891:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:892:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:894:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE r.filtered = 1)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:909:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:913:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_ways SET filtered = 1 "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:914:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE way_id IN ( "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:915:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT w.ref "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:916:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:917:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:919:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE r.filtered = 1)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:934:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:938:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "UPDATE osm_nodes SET filtered = 1 "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:939:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE node_id IN ( "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:940:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT n.ref "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:941:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_relations AS r "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:942:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:944:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "WHERE r.filtered = 1)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:959:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:963:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_nodes SET filtered = 1 "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:964:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE node_id IN ( SELECT n.node_id "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:965:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "FROM osm_ways AS w "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:966:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "JOIN osm_way_refs AS n ON (w.way_id = n.way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:967:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE w.filtered = 1)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:982:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1000:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_nodes SET filtered = 1 WHERE node_id = ?"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1009:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_ways SET filtered = 1 WHERE way_id IN ("); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1010:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "SELECT way_id FROM osm_way_refs WHERE node_id = ?)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1019:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "UPDATE osm_relations SET filtered = 1 WHERE rel_id IN ("); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1020:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1030:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT node_id FROM osm_nodes "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1031:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE MbrIntersects(Geometry, ?) = 1 "); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1032:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "AND ST_Intersects(Geometry, ?) 
= 1"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1142:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *in = fopen (wkt_path, "r"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1193:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1245:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1250:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(geometry_columns)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1286:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(spatial_ref_sys)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1319:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "PRAGMA table_info(osm_nodes)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1356:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_node_tags)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1385:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_ways)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1425:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_way_tags)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1457:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_way_refs)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1486:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_relations)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1526:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_relation_tags)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1558:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(osm_relation_refs)"); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1677:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1842:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen (osm_path, "wb"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:187:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:188:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub_type TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:189:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT)\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:213:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:230:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:235:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:236:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub_type TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:237:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT)\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:261:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:278:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:283:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:284:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "sub_type TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:285:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT)\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:309:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:653:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:681:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT id, lat, lon FROM osm_tmp_nodes "); data/spatialite-tools-5.0.0/spatialite_osm_map.c:682:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE id IN ("); data/spatialite-tools-5.0.0/spatialite_osm_map.c:688:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ",?"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:1275:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT id, Geometry FROM osm_tmp_ways "); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1276:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE id IN ("); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1282:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ",?"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1585:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[8192]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:1632:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT id, area, Geometry FROM osm_tmp_ways "); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1633:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "WHERE id IN ("); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1639:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, ",?"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1986:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:1995:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2004:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2012:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2028:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_map.c:2069:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2074:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(geometry_columns)"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2110:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "PRAGMA table_info(spatial_ref_sys)"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2143:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_tmp_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2144:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2145:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lat DOUBLE NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2146:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lon DOUBLE NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2156:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_tmp_ways (\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2157:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2158:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "area INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2167:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_map.c:2178:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE pt_generic (\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2179:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2180:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat (sql, "name TEXT)\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2188:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2199:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE pt_addresses (\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2200:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2201:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "country TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2202:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "city TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2203:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "postcode TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2204:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "street TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2205:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "housename TEXT,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2206:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "housenumber TEXT)\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2215:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2226:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE ln_generic (\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2227:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2228:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "name TEXT)\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2236:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2247:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "CREATE TABLE pg_generic (\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2248:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2249:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "name TEXT)\n");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2257:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2336:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2363:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO osm_tmp_nodes (id, lat, lon) ");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2364:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2375:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO osm_tmp_ways (id, area, geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2376:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2387:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO pt_generic (id, name, Geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2388:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2399:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2401:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2412:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO ln_generic (id, name, Geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2413:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2424:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO pg_generic (id, name, Geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2425:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2487:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2507:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2514:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql,
data/spatialite-tools-5.0.0/spatialite_osm_map.c:2619:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  cache_size = atoi (argv[i]);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:695:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:696:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql2[1024];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:700:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT OR IGNORE INTO graph_nodes (lon, lat) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:701:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT ST_X(ST_StartPoint(Geometry)), ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:702:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ST_Y(ST_StartPoint(Geometry)) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:705:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "UNION ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:706:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "SELECT ST_X(ST_EndPoint(Geometry)), ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:707:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ST_Y(ST_EndPoint(Geometry)) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:728:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT n.ROWID, t.id FROM osm_tmp_nodes AS t ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:729:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "JOIN graph_nodes AS n ON (t.lon = n.lon AND t.lat = n.lat)");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:737:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "UPDATE graph_nodes SET osm_id = ? ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:738:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE ROWID = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:808:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:809:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql2[1024];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:822:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT w.id, n1.ROWID, n2.ROWID ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:825:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "graph_nodes AS n1, graph_nodes AS n2 ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:826:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE n1.lon = ST_X(ST_StartPoint(w.Geometry)) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:827:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "AND n1.lat = ST_Y(ST_StartPoint(w.Geometry)) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:828:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "AND n2.lon = ST_X(ST_EndPoint(w.Geometry)) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:829:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat (sql, "AND n2.lat = ST_Y(ST_EndPoint(w.Geometry))");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:839:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE id = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:935:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:936:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql2[1024];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:949:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT id, class, GreatCircleLength(Geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:963:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE id = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1040:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[8192];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1041:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql2[1024];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1048:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY,\n");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1049:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "osm_id INTEGER,\n");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1050:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "cardinality INTEGER NOT NULL)\n");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1062:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, " 4326, 'POINT', 'XY')");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1082:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT node_from, ST_StartPoint(Geometry), ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1083:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "node_to, ST_EndPoint(Geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1099:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, 0, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1179:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT node_from, node_to ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1194:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE node_id = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1269:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT n.node_id, t.osm_id ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1272:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "JOIN graph_nodes AS t ON (");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1273:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ST_X(n.Geometry) = t.lon AND ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1274:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "ST_Y(n.Geometry) = t.lat)");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1286:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE node_id = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1383:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1410:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "INSERT INTO osm_tmp_nodes (id, lat, lon, ref_count) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1411:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (?, ?, ?, 0)");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1422:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "UPDATE osm_tmp_nodes SET ref_count = (ref_count + 1) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1423:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE id = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1434:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT lon, lat, ref_count FROM osm_tmp_nodes ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1435:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "WHERE id = ?");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1450:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(id, osm_id, node_from, node_to, class, ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1451:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql,
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1453:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (NULL, ?, -1, -1, ?, ?, ?, ?, -1, -1, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1459:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "(id, osm_id, node_from, node_to, class, ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1460:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "name, length, cost, geometry) ");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1461:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sql, "VALUES (NULL, ?, -1, -1, ?, ?, -1, -1, ?)");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1485:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[1024];
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1493:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sql, "SELECT Count(*) from sqlite_master");
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1501:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1507:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_net.c:1563:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1568:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(geometry_columns)"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1603:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(spatial_ref_sys)"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1633:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_tmp_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1634:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1635:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lat DOUBLE NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1636:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lon DOUBLE NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1637:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ref_count INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1647:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TABLE graph_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1648:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lon DOUBLE NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1649:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lat DOUBLE NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1650:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "osm_id INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1651:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_nodes PRIMARY KEY (lon, lat))\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1665:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1666:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "osm_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1667:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "class TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1668:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_from INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1669:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_to INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1670:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1671:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "length DOUBLE NOT NULL,\n"), data/spatialite-tools-5.0.0/spatialite_osm_net.c:1672:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "cost DOUBLE NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1678:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1679:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "osm_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1680:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "class TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1681:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_from INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1682:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_to INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1683:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1684:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "oneway_fromto INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1685:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "oneway_tofrom INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1686:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "length DOUBLE NOT NULL,\n"), data/spatialite-tools-5.0.0/spatialite_osm_net.c:1687:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "cost DOUBLE NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1699:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, " 4326, 'LINESTRING', 'XY')"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:1903:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clean[8192]; data/spatialite-tools-5.0.0/spatialite_osm_net.c:2027:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[8192]; data/spatialite-tools-5.0.0/spatialite_osm_net.c:2031:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *in = fopen (template_path, "rb"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:2070:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *out = fopen (template_path, "w"); data/spatialite-tools-5.0.0/spatialite_osm_net.c:2358:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:631:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *version = atoi (attr_version); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:636:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*uid = atoi (attr_uid); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:640:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *changeset = atoi (attr_changeset); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1040:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1069:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1071:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1074:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_nodes (node_id, Geometry) VALUES (?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1085:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_node_tags (node_id, sub, k, v) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1086:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1097:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_ways (way_id) VALUES (?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1108:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_way_tags (way_id, sub, k, v) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1109:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1120:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "INSERT INTO osm_way_refs (way_id, sub, node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1121:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1132:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_relations (rel_id) VALUES (?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1143:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_relation_tags (rel_id, sub, k, v) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1144:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1155:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1157:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1193:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1202:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1210:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1230:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_helper_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1231:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1232:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "way_count INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1242:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "INSERT INTO osm_helper_nodes (node_id, way_count) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1243:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT n.node_id, Count(*) FROM osm_nodes AS n "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1244:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "JOIN osm_way_refs AS w ON (w.node_id = n.node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1245:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "GROUP BY n.node_id"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1256:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE road_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1257:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1265:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1275:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE road_arcs (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1276:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "arc_id INTEGER PRIMARY KEY AUTOINCREMENT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1277:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "osm_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1278:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "node_from INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1279:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_to INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1280:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "type TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1281:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1282:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "lanes INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1283:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "maxspeed INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1284:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "oneway_ft INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1285:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "oneway_tf INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1286:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_arc_from FOREIGN KEY (node_from)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1287:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES road_nodes (node_id),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1288:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT fk_arc_to FOREIGN KEY (node_to)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1289:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES road_nodes (node_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1297:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1307:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_roads_from ON road_arcs (node_from)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1317:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_roads_to ON road_arcs (node_to)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1337:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT CreateSpatialIndex('road_nodes', 'Geometry')"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1346:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT CreateSpatialIndex('road_arcs', 'Geometry')"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1796:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_helper_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1797:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1798:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "way_count INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1808:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_helper_nodes (node_id, way_count) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1809:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "SELECT n.node_id, Count(*) FROM osm_nodes AS n "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1810:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "JOIN osm_way_refs AS w ON (w.node_id = n.node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1811:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "GROUP BY n.node_id"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1822:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE rail_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1823:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1831:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1841:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE rail_arcs (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1842:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "arc_id INTEGER PRIMARY KEY AUTOINCREMENT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1843:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "osm_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1844:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_from INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1845:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_to INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1846:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "type TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1847:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1848:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "gauge INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1849:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "tracks INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1850:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "electrified INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1851:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "voltage INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1852:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "operator TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1853:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT fk_arc_from FOREIGN KEY (node_from)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1854:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES rail_nodes (node_id),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1855:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_arc_to FOREIGN KEY (node_to)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1856:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES rail_nodes (node_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1864:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1874:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE INDEX idx_rails_from ON rail_arcs (node_from)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1884:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_rails_to ON rail_arcs (node_to)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1894:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE rail_stations (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1895:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "station_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1896:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "name TEXT\n,"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1897:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "operator TEXT)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1905:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1923:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1926:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT CreateSpatialIndex('rail_nodes', 'Geometry')"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1935:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT CreateSpatialIndex('rail_arcs', 'Geometry')"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1944:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "SELECT CreateSpatialIndex('rail_stations', 'Geometry')"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2369:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2373:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_node_tags ON osm_node_tags (k)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2383:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_way_tags ON osm_node_tags (k)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2393:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_relation_tags ON osm_node_tags (k)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3671:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3677:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3678:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3679:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "version INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3680:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "timestamp TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3681:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "uid INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3682:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "user TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3683:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "changeset INTEGER)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3687:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3688:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3697:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3707:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TABLE osm_node_tags (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3708:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3709:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3710:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "k TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3711:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "v TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3712:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT pk_osm_nodetags PRIMARY KEY (node_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3713:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_nodetags FOREIGN KEY (node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3714:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_nodes (node_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3723:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_ways (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3724:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "way_id INTEGER NOT NULL PRIMARY KEY)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3733:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE TABLE osm_way_tags (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3734:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "way_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3735:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3736:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "k TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3737:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "v TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3738:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT pk_osm_waytags PRIMARY KEY (way_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3739:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_waytags FOREIGN KEY (way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3740:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_ways (way_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3749:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_way_refs (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3750:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "way_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3751:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3752:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3753:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_waynoderefs PRIMARY KEY (way_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3754:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_waynoderefs FOREIGN KEY (way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3755:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_ways (way_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3764:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, "CREATE INDEX idx_osm_ref_way ON osm_way_refs (node_id)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3774:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_relations (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3775:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "rel_id INTEGER NOT NULL PRIMARY KEY)\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3784:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_relation_tags (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3785:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "rel_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3786:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3787:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "k TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3788:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "v TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3789:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_reltags PRIMARY KEY (rel_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3790:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_reltags FOREIGN KEY (rel_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3791:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "REFERENCES osm_relations (rel_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3801:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_relation_refs (\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3802:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "rel_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3803:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3804:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "type TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3805:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "ref INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3806:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "role TEXT,"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3807:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_relnoderefs PRIMARY KEY (rel_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3808:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_relnoderefs FOREIGN KEY (rel_id) "); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3809:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_relations (rel_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3819:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3838:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3878:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3882:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA foreign_keys=1"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3886:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(geometry_columns)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3922:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(spatial_ref_sys)"); data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:4150:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:454:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_raw.c:481:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_raw.c:483:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?, ?, ?, 0, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:494:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_node_tags (node_id, sub, k, v) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:495:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:506:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_raw.c:508:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?, ?, ?, 0)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:519:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_way_tags (way_id, sub, k, v) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:520:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:531:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_way_refs (way_id, sub, node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:532:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "VALUES (?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:543:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_raw.c:545:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?, ?, ?, 0)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:556:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "INSERT INTO osm_relation_tags (rel_id, sub, k, v) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:557:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:568:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_raw.c:570:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant string. strcat (sql, "VALUES (?, ?, ?, ?, ?)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:597:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_raw.c:606:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:615:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:623:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:639:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_osm_raw.c:680:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:685:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(geometry_columns)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:721:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "PRAGMA table_info(spatial_ref_sys)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:754:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_nodes (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:755:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:756:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "version INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:757:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "timestamp TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:758:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "uid INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:759:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "user TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:760:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "changeset INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:761:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "filtered INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:770:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_raw.c:781:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_node_tags (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:782:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:783:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:784:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "k TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:785:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "v TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:786:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_nodetags PRIMARY KEY (node_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:787:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_nodetags FOREIGN KEY (node_id) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:788:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_nodes (node_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:798:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_ways (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:799:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "way_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:800:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "version INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:801:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "timestamp TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:802:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "uid INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:803:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "user TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:804:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "changeset INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:805:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "filtered INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:815:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_way_tags (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:816:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "way_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:817:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:818:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "k TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:819:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "v TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:820:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_waytags PRIMARY KEY (way_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:821:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_waytags FOREIGN KEY (way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:822:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_ways (way_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:832:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_way_refs (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:833:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "way_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:834:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:835:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "node_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:836:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_waynoderefs PRIMARY KEY (way_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:837:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_waynoderefs FOREIGN KEY (way_id) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:838:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "REFERENCES osm_ways (way_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:848:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE INDEX idx_osm_ref_way ON osm_way_refs (node_id)"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:859:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_relations (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:860:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "rel_id INTEGER NOT NULL PRIMARY KEY,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:861:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "version INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:862:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "timestamp TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:863:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "uid INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:864:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "user TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:865:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "changeset INTEGER,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:866:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "filtered INTEGER NOT NULL)\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:876:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_relation_tags (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:877:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "rel_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:878:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:879:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "k TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:880:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "v TEXT,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:881:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_reltags PRIMARY KEY (rel_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:882:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "CONSTRAINT fk_osm_reltags FOREIGN KEY (rel_id) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:883:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "REFERENCES osm_relations (rel_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:894:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "CREATE TABLE osm_relation_refs (\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:895:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "rel_id INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:896:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "sub INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:897:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "type TEXT NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:898:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "ref INTEGER NOT NULL,\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:899:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "role TEXT,"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:900:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT pk_osm_relnoderefs PRIMARY KEY (rel_id, sub),\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:901:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (sql, "CONSTRAINT fk_osm_relnoderefs FOREIGN KEY (rel_id) "); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:902:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat (sql, "REFERENCES osm_relations (rel_id))\n"); data/spatialite-tools-5.0.0/spatialite_osm_raw.c:913:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, data/spatialite-tools-5.0.0/spatialite_osm_raw.c:1029:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_tool.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_tool.c:83:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_tool.c:92:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_tool.c:100:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_tool.c:339:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). srid = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (value->txt_blob_value, p, size); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1082:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). geom->srid = atoi (srid); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1786:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (results[(i * columns) + 5]) == 1) data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1789:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if (atoi (results[(i * columns) + 5]) == 1) data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1852:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1861:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1870:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1878:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:2008:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:2040:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:2124:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:2127:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). name_level = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:2301:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int level = atoi (results[(i * columns) + 5]); data/spatialite-tools-5.0.0/spatialite_xml_load.c:204:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (new_buf, buf->Buffer, buf->WriteOffset); data/spatialite-tools-5.0.0/spatialite_xml_load.c:210:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (buf->Buffer + buf->WriteOffset, payload, size); data/spatialite-tools-5.0.0/spatialite_xml_load.c:233:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (params->CharData + params->CharDataLen, s, len); data/spatialite-tools-5.0.0/spatialite_xml_load.c:779:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*ns, str, pos); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1164:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi (results[(i * columns) + 5]) == 1) data/spatialite-tools-5.0.0/spatialite_xml_load.c:1174:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (atoi (results[(i * columns) + 5]) == 1) data/spatialite-tools-5.0.0/spatialite_xml_load.c:1991:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (gml_expr, value, len); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[1024]; data/spatialite-tools-5.0.0/spatialite_xml_load.c:2203:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT Count(*) from sqlite_master"); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2212:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi (results[(i * columns) + 0]); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2220:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (sql, "SELECT InitSpatialMetadataFull(1)"); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[1024]; data/spatialite-tools-5.0.0/spatialite_xml_load.c:2259:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2300:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (elapsed, "%d:%02d:%02d.%03d", hh, mins, secs, millis); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2307:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char progress[64]; data/spatialite-tools-5.0.0/spatialite_xml_load.c:2308:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (progress, "........................................"); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2395:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Buff[BUFFSIZE]; data/spatialite-tools-5.0.0/spatialite_xml_load.c:2404:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char elapsed[64]; data/spatialite-tools-5.0.0/spatialite_xml_load.c:2449:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2452:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). name_level = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2455:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). parent_levels = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2637:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). xml_file = fopen (xml_path, "rb"); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2743:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). xml_file = fopen (xml_path, "rb"); data/spatialite-tools-5.0.0/spatialite_xml_print.c:261:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (prefix, reference + a, len); data/spatialite-tools-5.0.0/spatialite_xml_print.c:900:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sql[1024]; data/spatialite-tools-5.0.0/spatialite_xml_print.c:920:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (sql, "PRAGMA cache_size=%d", cache_size); data/spatialite-tools-5.0.0/spatialite_xml_print.c:992:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cache_size = atoi (argv[i]); data/spatialite-tools-5.0.0/spatialite_xml_print.c:1077:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen (xml_path, "w"); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:207:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *in = fopen (path, "rb"); data/spatialite-tools-5.0.0/exif_loader.c:146:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:180:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen (tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:214:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:354:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (tag->StringValue); data/spatialite-tools-5.0.0/exif_loader.c:469:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (timestamp); data/spatialite-tools-5.0.0/exif_loader.c:547:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/exif_loader.c:566:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, make, strlen (make), SQLITE_STATIC); data/spatialite-tools-5.0.0/exif_loader.c:571:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 5, model, strlen (model), SQLITE_STATIC); data/spatialite-tools-5.0.0/exif_loader.c:576:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_bind_text (stmt, 6, date, strlen (date), SQLITE_STATIC); data/spatialite-tools-5.0.0/exif_loader.c:599:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 9, satellites, strlen (satellites), data/spatialite-tools-5.0.0/exif_loader.c:605:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 10, timestamp, strlen (timestamp), data/spatialite-tools-5.0.0/exif_loader.c:609:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 11, path, strlen (path), SQLITE_STATIC); data/spatialite-tools-5.0.0/exif_loader.c:627:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/exif_loader.c:687:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, tag_name, strlen (tag_name), data/spatialite-tools-5.0.0/exif_loader.c:691:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 6, type_desc, strlen (type_desc), data/spatialite-tools-5.0.0/exif_loader.c:713:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/exif_loader.c:749:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (pT->StringValue), data/spatialite-tools-5.0.0/exif_loader.c:877:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (human), data/spatialite-tools-5.0.0/exif_loader.c:1104:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, ")"); data/spatialite-tools-5.0.0/exif_loader.c:1199:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, ")"); data/spatialite-tools-5.0.0/exif_loader.c:1285:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, ")"); data/spatialite-tools-5.0.0/shell.c:485:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (name); data/spatialite-tools-5.0.0/shell.c:579:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (name); data/spatialite-tools-5.0.0/shell.c:657:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (spatialite_charset, charset, sizeof (spatialite_charset) - 1); data/spatialite-tools-5.0.0/shell.c:705:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (buf); data/spatialite-tools-5.0.0/shell.c:743:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (buf); data/spatialite-tools-5.0.0/shell.c:782:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen (pt + 1); data/spatialite-tools-5.0.0/shell.c:816:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (buf); data/spatialite-tools-5.0.0/shell.c:1377:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:1476:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:1519:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:1573:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:1612:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:1651:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:1690:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (azArg[i]) + 1; data/spatialite-tools-5.0.0/shell.c:3279:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (azArg[7]) > 0) data/spatialite-tools-5.0.0/shell.c:3284:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (azArg[8]) > 0) data/spatialite-tools-5.0.0/shell.c:4014:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (mainPrompt, azArg[1], data/spatialite-tools-5.0.0/shell.c:4019:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
  strncpy (continuePrompt, azArg[2],
data/spatialite-tools-5.0.0/shell.c:4816:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  utf8len = strlen (zSql) * 4;
data/spatialite-tools-5.0.0/shell.c:4823:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (utf8Sql, zSql, utf8len - 1);
data/spatialite-tools-5.0.0/shp_sanitize.c:435:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (path);
data/spatialite-tools-5.0.0/shp_sanitize.c:501:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:509:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:523:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:538:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:553:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:569:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:682:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:1962:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (buf_shp, buf, strlen (buf));
data/spatialite-tools-5.0.0/shp_sanitize.c:1973:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (path);
data/spatialite-tools-5.0.0/shp_sanitize.c:2002:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:2010:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (errMsg);
data/spatialite-tools-5.0.0/shp_sanitize.c:2315:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/spatialite-tools-5.0.0/shp_sanitize.c:2362:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);
data/spatialite-tools-5.0.0/shp_sanitize.c:3949:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (file_name);
data/spatialite-tools-5.0.0/shp_sanitize.c:3998:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/shp_sanitize.c:4017:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/shp_sanitize.c:4036:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/shp_sanitize.c:4070:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (path);
data/spatialite-tools-5.0.0/shp_sanitize.c:4073:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/spatialite_convert.c:161:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:171:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 1, table, strlen (table), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:176:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 3, sql, strlen (sql), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:249:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (sqlite, sql_statement, strlen (sql_statement),
data/spatialite-tools-5.0.0/spatialite_convert.c:260:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 1, table, strlen (table), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:287:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (sqlite, sql_statement, strlen (sql_statement),
data/spatialite-tools-5.0.0/spatialite_convert.c:349:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (sqlite, sql_statement, strlen (sql_statement),
data/spatialite-tools-5.0.0/spatialite_convert.c:360:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 1, table, strlen (table), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:387:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (sqlite, sql_statement, strlen (sql_statement),
data/spatialite-tools-5.0.0/spatialite_convert.c:480:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (sqlite, sql_statement, strlen (sql_statement),
data/spatialite-tools-5.0.0/spatialite_convert.c:491:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 1, table, strlen (table), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:492:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 2, column, strlen (column), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:736:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (p_table);
data/spatialite-tools-5.0.0/spatialite_convert.c:739:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (p_column);
data/spatialite-tools-5.0.0/spatialite_convert.c:1981:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:1994:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:2013:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:2016:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:2019:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 3, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:2022:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 4, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:2025:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:2076:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:2087:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:2124:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, p_table1, strlen (p_table1),
data/spatialite-tools-5.0.0/spatialite_convert.c:2126:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, p_column1, strlen (p_column1),
data/spatialite-tools-5.0.0/spatialite_convert.c:2128:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 3, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:2130:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 4, p_table2, strlen (p_table2),
data/spatialite-tools-5.0.0/spatialite_convert.c:2132:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, p_column2, strlen (p_column2),
data/spatialite-tools-5.0.0/spatialite_convert.c:4862:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:4874:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:4893:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:4896:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:4899:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 3, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:4951:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:4963:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:4982:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:4985:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5054:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5066:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5085:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5088:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5091:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 3, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5141:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5153:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5172:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5175:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5255:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5267:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5294:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, p_table, strlen (p_table),
data/spatialite-tools-5.0.0/spatialite_convert.c:5296:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, p_column, strlen (p_column),
data/spatialite-tools-5.0.0/spatialite_convert.c:5326:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 3, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5382:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5394:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5421:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 1, p_table, strlen (p_table),
data/spatialite-tools-5.0.0/spatialite_convert.c:5423:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, p_column, strlen (p_column),
data/spatialite-tools-5.0.0/spatialite_convert.c:5557:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 3, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5559:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 4, dims, strlen (dims),
data/spatialite-tools-5.0.0/spatialite_convert.c:5951:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5961:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:5982:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:5993:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:5996:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6039:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6049:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6070:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6082:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:6085:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6128:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6138:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6159:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6170:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:6173:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6217:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6227:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6248:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6260:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:6263:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6273:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:6316:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6326:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6347:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6356:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:6358:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6402:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_in, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6412:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_out, NULL);
data/spatialite-tools-5.0.0/spatialite_convert.c:6433:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 2, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6442:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_convert.c:6444:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt_out, 5, txt_value, strlen (txt_value),
data/spatialite-tools-5.0.0/spatialite_convert.c:6451:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (txt_value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_dem.c:236:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(config_struct.dem_path,"");
data/spatialite-tools-5.0.0/spatialite_dem.c:237:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(config_struct.dem_table,"");
data/spatialite-tools-5.0.0/spatialite_dem.c:238:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(config_struct.dem_geometry,"");
data/spatialite-tools-5.0.0/spatialite_dem.c:264:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((conf_filename) && (strlen(conf_filename) > 0) )
data/spatialite-tools-5.0.0/spatialite_dem.c:280:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  conf_value = conf_value + strlen(DELIM);
data/spatialite-tools-5.0.0/spatialite_dem.c:1887:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(ptr_strtod) == 0)
data/spatialite-tools-5.0.0/spatialite_dem.c:1897:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(ptr_strtod) == 0)
data/spatialite-tools-5.0.0/spatialite_dem.c:1904:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(ptr_strtod) == 0)
data/spatialite-tools-5.0.0/spatialite_dem.c:1926:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(directory_from_filename,xyz_filename,slash-xyz_filename);
data/spatialite-tools-5.0.0/spatialite_dem.c:2128:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(ptr_strtod) == 0) data/spatialite-tools-5.0.0/spatialite_dem.c:2138:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen(ptr_strtod) == 0) data/spatialite-tools-5.0.0/spatialite_dem.c:2145:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen(ptr_strtod) == 0) data/spatialite-tools-5.0.0/spatialite_dem.c:2435:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && ( (source_config) && (strlen(source_config->dem_path) == 0))) data/spatialite-tools-5.0.0/spatialite_dem.c:2435:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && ( (source_config) && (strlen(source_config->dem_path) == 0))) data/spatialite-tools-5.0.0/spatialite_dem.c:2569:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0) && (strlen(source_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2569:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0) && (strlen(source_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2569:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0) && (strlen(source_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2636:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(source_config->dem_path) > 0) && (strcmp(source_config->dem_path,".xyz") != 1)) data/spatialite-tools-5.0.0/spatialite_dem.c:2659:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2659:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2659:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2694:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (source_config) && (strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2694:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (source_config) && (strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:2816:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config->dem_path) > 0) data/spatialite-tools-5.0.0/spatialite_dem.c:2848:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:2848:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:2848:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:2850:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0) && (strlen(source_config->dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:2850:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0) && (strlen(source_config->dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:2850:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(source_config->dem_path) > 0) && (strlen(source_config->dem_table) > 0) && (strlen(source_config->dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:3053:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0) && (dem_config->dem_srid > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3053:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0) && (dem_config->dem_srid > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3053:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0) && (dem_config->dem_srid > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3119:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config->dem_path) <= 0) data/spatialite-tools-5.0.0/spatialite_dem.c:3123:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config->dem_table) <= 0) data/spatialite-tools-5.0.0/spatialite_dem.c:3127:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config->dem_geometry) <= 0) data/spatialite-tools-5.0.0/spatialite_dem.c:3169:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(source_config->dem_path) > 0) && (strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3169:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(source_config->dem_path) > 0) && (strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3169:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(source_config->dem_path) > 0) && (strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3169:125: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(source_config->dem_path) > 0) && (strlen(dem_config->dem_path) > 0) && (strlen(dem_config->dem_table) > 0) && (strlen(dem_config->dem_geometry) > 0)) data/spatialite-tools-5.0.0/spatialite_dem.c:3284:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config.dem_path) > 0) data/spatialite-tools-5.0.0/spatialite_dem.c:3499:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config.dem_geometry) == 0) data/spatialite-tools-5.0.0/spatialite_dem.c:3508:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config.dem_path) > 0) && (strlen(dem_config.dem_table) > 0) && (strlen(dem_config.dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:3508:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(dem_config.dem_path) > 0) && (strlen(dem_config.dem_table) > 0) && (strlen(dem_config.dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:3508:83: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(dem_config.dem_path) > 0) && (strlen(dem_config.dem_table) > 0) && (strlen(dem_config.dem_geometry) > 0) && data/spatialite-tools-5.0.0/spatialite_dem.c:3518:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dem_config.dem_path) == 0) data/spatialite-tools-5.0.0/spatialite_dem.c:3530:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(source_config.dem_path) == 0) data/spatialite-tools-5.0.0/spatialite_gml.c:161:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int) strlen (dummy); i++) data/spatialite-tools-5.0.0/spatialite_gml.c:231:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (data); data/spatialite-tools-5.0.0/spatialite_gml.c:290:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (name); data/spatialite-tools-5.0.0/spatialite_gml.c:368:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = strlen (srs) - 1; i >= 0; i--) data/spatialite-tools-5.0.0/spatialite_gml.c:797:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (col->txt_value), data/spatialite-tools-5.0.0/spatialite_gml.c:960:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int) strlen (coord); i++) data/spatialite-tools-5.0.0/spatialite_gml.c:1543:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_network.c:259:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (code); data/spatialite-tools-5.0.0/spatialite_network.c:356:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (code); data/spatialite-tools-5.0.0/spatialite_network.c:389:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (code) + 1; data/spatialite-tools-5.0.0/spatialite_network.c:866:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_network.c:893:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (table) + 1; data/spatialite-tools-5.0.0/spatialite_network.c:901:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (from_column) + 1; data/spatialite-tools-5.0.0/spatialite_network.c:909:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (to_column) + 1; data/spatialite-tools-5.0.0/spatialite_network.c:920:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (geom_column) + 1; data/spatialite-tools-5.0.0/spatialite_network.c:932:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (name_column) + 1; data/spatialite-tools-5.0.0/spatialite_network.c:1395:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_network.c:1709:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_network.c:2138:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_network.c:2388:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:181:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &node_query, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:196:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:357:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &way_query, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:371:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:384:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_tag, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:571:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &rel_query, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:586:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_nd, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:601:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_way, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:616:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_rel, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:629:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_tag, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1001:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_nodes, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1011:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_ways, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1022:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &stmt_rels, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1033:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query, NULL); data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1150:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (getc (in) != EOF) data/spatialite-tools-5.0.0/spatialite_osm_filter.c:1166:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (in)) != EOF) data/spatialite-tools-5.0.0/spatialite_osm_map.c:215:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_map.c:263:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_map.c:311:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_map.c:356:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sub_type, strlen (sub_type), data/spatialite-tools-5.0.0/spatialite_osm_map.c:362:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:400:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:436:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (country), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:441:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen (city), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:446:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (postcode), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:451:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (street), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:456:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (housename), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:461:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (housenumber), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:686:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, "?"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:690:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, ")"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:691:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_map.c:793:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sub_type, strlen (sub_type), data/spatialite-tools-5.0.0/spatialite_osm_map.c:799:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name, strlen (name), data/spatialite-tools-5.0.0/spatialite_osm_map.c:846:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sub_type, strlen (sub_type), data/spatialite-tools-5.0.0/spatialite_osm_map.c:852:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:883:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:911:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1280:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (sql, "?"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1284:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, ")"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1285:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1401:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sub_type, strlen (sub_type), data/spatialite-tools-5.0.0/spatialite_osm_map.c:1407:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name, strlen (name), data/spatialite-tools-5.0.0/spatialite_osm_map.c:1637:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (sql, "?"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1641:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat (sql, ")"); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1642:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1799:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sub_type, strlen (sub_type), data/spatialite-tools-5.0.0/spatialite_osm_map.c:1805:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1846:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:1885:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_osm_map.c:2366:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), data/spatialite-tools-5.0.0/spatialite_osm_map.c:2378:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), data/spatialite-tools-5.0.0/spatialite_osm_map.c:2390:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), data/spatialite-tools-5.0.0/spatialite_osm_map.c:2403:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), data/spatialite-tools-5.0.0/spatialite_osm_map.c:2415:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), data/spatialite-tools-5.0.0/spatialite_osm_map.c:2427:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), data/spatialite-tools-5.0.0/spatialite_osm_net.c:255:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (params->ins_arcs_stmt, 2, class, strlen (class), data/spatialite-tools-5.0.0/spatialite_osm_net.c:257:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (params->ins_arcs_stmt, 3, name, strlen (name), data/spatialite-tools-5.0.0/spatialite_osm_net.c:355:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  sqlite3_bind_text (params->ins_arcs_stmt, 2, class, strlen (class),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:357:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_arcs_stmt, 3, name, strlen (name),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:410:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_arcs_stmt, 2, class, strlen (class),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:412:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_arcs_stmt, 3, name, strlen (name),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:730:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:739:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &update_stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:830:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &query_stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:840:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (handle, sql, strlen (sql), &update_stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:952:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:964:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1086:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1100:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1182:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1196:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1275:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1287:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1413:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1425:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1437:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1464:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1772:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (line);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1841:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen (class);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1859:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len1 = strlen (class);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1860:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len2 = strlen (sub_class);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1884:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len1 = strlen (class);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1885:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len2 = strlen (sub_class);
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1917:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = (int) strlen (clean) - 1; i >= 0; i--)
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1984:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (k) > 0)
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1997:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (k) > 0 && strlen (v) > 0)
data/spatialite-tools-5.0.0/spatialite_osm_net.c:1997:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (k) > 0 && strlen (v) > 0)
data/spatialite-tools-5.0.0/spatialite_osm_net.c:2039:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc (in)) != EOF)
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:296:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_node_tags_stmt, 3, k, strlen (k),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:298:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_node_tags_stmt, 4, v, strlen (v),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:335:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_way_tags_stmt, 3, k, strlen (k),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:337:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_way_tags_stmt, 4, v, strlen (v),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:358:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_relation_refs_stmt, 3, type, strlen (type),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:361:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_relation_refs_stmt, 5, role, strlen (role),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:381:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_relation_tags_stmt, 3, k, strlen (k),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:383:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_relation_tags_stmt, 4, v, strlen (v),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:414:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (timestamp), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:419:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (params->ins_nodes_stmt, 5, user, strlen (user),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1076:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1088:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1099:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1111:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1123:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1134:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1146:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1159:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1504:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1520:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1532:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1546:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:1984:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2000:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2018:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2030:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2045:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2058:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2444:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2496:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (layer->ins_point_stmt, 2, type, strlen (type),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2501:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (layer->ins_point_stmt, 3, name, strlen (name),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2556:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2611:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (type), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2616:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (name), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2671:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2726:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (type), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2731:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (name), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2787:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2842:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (type), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2847:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (name), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2902:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2957:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (type), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:2962:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (name), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3263:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3281:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3298:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3315:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_overpass.c:3331:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:111:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (node->timestamp), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:120:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (node->user), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:154:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (p_tag->key), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:159:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (p_tag->value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:192:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (way->timestamp), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:201:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (way->user), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:227:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (p_tag->key), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:232:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (p_tag->value), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:286:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (relation->timestamp), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:295:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (relation->user), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:321:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (p_tag->key), SQLITE_STATIC);
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:326:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p_tag->value, strlen (p_tag->value),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:364:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p_member->role, strlen (p_member->role),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:485:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:497:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:510:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:522:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:534:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:547:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:559:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_osm_raw.c:572:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_prepare_v2 (params->db_handle, sql, strlen (sql),
data/spatialite-tools-5.0.0/spatialite_xml2utf8.c:104:12: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getchar ();
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:223:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen ((const char *) p);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:348:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (table);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:355:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (parent);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:363:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (tag_ns);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:367:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (tag_name);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:374:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (geometry);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:421:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (table);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:424:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (geometry);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:564:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:794:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (sqlite, sql, strlen (sql), &stmt1, NULL);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:801:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (sqlite, sql_del, strlen (sql_del), &stmt2, NULL);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1074:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (type);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1085:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (dims);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1148:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &sel_stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1178:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &upd_stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1268:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ((const char *) main_value),
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1293:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen ((const char
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1501:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1512:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1726:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &stmt, NULL);
data/spatialite-tools-5.0.0/spatialite_xml_collapse.c:1827:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (name); data/spatialite-tools-5.0.0/spatialite_xml_load.c:352:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (table->table_name); data/spatialite-tools-5.0.0/spatialite_xml_load.c:367:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (table->parent_table); data/spatialite-tools-5.0.0/spatialite_xml_load.c:411:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (tag_ns); data/spatialite-tools-5.0.0/spatialite_xml_load.c:415:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (tag_name); data/spatialite-tools-5.0.0/spatialite_xml_load.c:563:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (value); data/spatialite-tools-5.0.0/spatialite_xml_load.c:653:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int) strlen (str); i++) data/spatialite-tools-5.0.0/spatialite_xml_load.c:698:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen (path); data/spatialite-tools-5.0.0/spatialite_xml_load.c:703:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (filename); data/spatialite-tools-5.0.0/spatialite_xml_load.c:762:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str); data/spatialite-tools-5.0.0/spatialite_xml_load.c:780:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (str + pos + 1); data/spatialite-tools-5.0.0/spatialite_xml_load.c:847:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < (int) strlen (str); i++) data/spatialite-tools-5.0.0/spatialite_xml_load.c:1444:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1464:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1527:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (ptr->db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1542:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 1, tbl->table_name, strlen (tbl->table_name), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1549:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->tag->tag_ns), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1551:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->tag->tag_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1556:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->parent_table), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1560:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 6, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1565:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 7, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1604:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ret = sqlite3_prepare_v2 (ptr->db_handle, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1622:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 1, tbl->table_name, strlen (tbl->table_name), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1625:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 2, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1627:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1629:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1646:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->table_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1648:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_bind_text (stmt, 2, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1650:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1652:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1668:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 1, tbl->table_name, strlen (tbl->table_name), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1671:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 2, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1673:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1684:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_bind_text (stmt, 4, xml, strlen (xml), sqlite3_free); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1701:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->table_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1703:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 2, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1705:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1715:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, xml, strlen (xml), sqlite3_free); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1734:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->table_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1736:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 2, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1738:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1749:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, xml, strlen (xml), sqlite3_free); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1764:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->table_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1766:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 2, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1768:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1779:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, xml, strlen (xml), sqlite3_free); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1799:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (tbl->table_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1814:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sqlite3_bind_text (stmt, 2, xlhr, strlen (xlhr), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1820:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 2, gmid, strlen (gmid), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1825:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (attr->attr_name), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1830:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (attr->attr_name), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1832:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 3, str, strlen (str), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1861:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, 4, xml, strlen (xml), sqlite3_free); data/spatialite-tools-5.0.0/spatialite_xml_load.c:1906:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlite3_bind_text (stmt, pos, filename, strlen (filename), data/spatialite-tools-5.0.0/spatialite_xml_load.c:1928:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen (attr->attr_value) - 1, data/spatialite-tools-5.0.0/spatialite_xml_load.c:1940:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (attr->attr_value), SQLITE_STATIC); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2035:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gmlDynBufferAppend (params->CollapsedGML, el, strlen (el)); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2044:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gmlDynBufferAppend (params->CollapsedGML, k, strlen (k)); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2046:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gmlDynBufferAppend (params->CollapsedGML, v, strlen (v)); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2071:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gmlDynBufferAppend (params->CollapsedGML, el, strlen (el)); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2081:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (k)); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2084:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen (v)); data/spatialite-tools-5.0.0/spatialite_xml_load.c:2141:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gmlDynBufferAppend (params->CollapsedGML, el, strlen (el)); data/spatialite-tools-5.0.0/spatialite_xml_print.c:147:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (namespace); data/spatialite-tools-5.0.0/spatialite_xml_print.c:151:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (tag); data/spatialite-tools-5.0.0/spatialite_xml_print.c:154:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (table); data/spatialite-tools-5.0.0/spatialite_xml_print.c:161:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (parent); data/spatialite-tools-5.0.0/spatialite_xml_print.c:174:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (sqlite, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_print.c:244:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncasecmp (start, reference, strlen (start)) == 0) data/spatialite-tools-5.0.0/spatialite_xml_print.c:246:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int a = strlen (start); data/spatialite-tools-5.0.0/spatialite_xml_print.c:248:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = a; i < (int) strlen (reference); i++) data/spatialite-tools-5.0.0/spatialite_xml_print.c:280:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (attribute); data/spatialite-tools-5.0.0/spatialite_xml_print.c:307:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (sqlite, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_print.c:385:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = sqlite3_prepare_v2 (sqlite, sql, strlen (sql), &stmt, NULL); data/spatialite-tools-5.0.0/spatialite_xml_print.c:446:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (dirty); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:98:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (schemaURI); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:166:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (path); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:184:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc (in)) != EOF) data/spatialite-tools-5.0.0/spatialite_xml_validator.c:218:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (line); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:315:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (prefix); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:319:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (href); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:470:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (str); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:480:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (ptr); data/spatialite-tools-5.0.0/spatialite_xml_validator.c:511:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen ((const char *)

ANALYSIS SUMMARY:

Hits = 3133
Lines analyzed = 50987 in approximately 1.68 seconds (30404 lines/second)
Physical Source Lines of Code (SLOC) = 45642
Hits@level = [0] 2512 [1] 479 [2] 2330 [3] 6 [4] 318 [5] 0
Hits@level+ = [0+] 5645 [1+] 3133 [2+] 2654 [3+] 324 [4+] 318 [5+] 0
Hits/KSLOC@level+ = [0+] 123.68 [1+] 68.6429 [2+] 58.1482 [3+] 7.09872 [4+] 6.96727 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.