Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

Examining data/texlive-extra-2020.20200925/texmf-dist/doc/latex/svg/root.C
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/latex/mcmthesis/code/mcmthesis-sudoku.cpp
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/generic/c-pascal/prog/sun.c
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/generic/docbytex/base.c
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/generic/docbytex/main.c
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/generic/docbytex/win.c
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/generic/docbytex/cosi.c
Examining data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c
Examining data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommon.h
Examining data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflibhead.h
Examining data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommonhead.h
Examining data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/otibet/oct2otp.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/mul.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/printf.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/string.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/fibonacci-rec.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/float.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/empty-main.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/func-ptr.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/complex-memory.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/sum-rec.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/mandelbrot.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/shift.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c
Examining data/texlive-extra-2020.20200925/texmf-dist/source/latex/fancynum/tables.c

FINAL RESULTS:

data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:30:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
strncat (g2n_filename, argv[1], FILE_LEN);

data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:35:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
strncat (tex_filename, argv[1], FILE_LEN);

data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:41:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
while (fscanf (g2n_file, data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1367:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(var,"%s%d",var0,ch); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1368:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varh,"%s%d",varh0,ch); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1377:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varname,"%s%d",var,ch); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1378:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varnameh,"%s%d",varh,ch); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1379:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dirfname,"%s%s",Dirname,fname); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1380:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dirfnameh,"%s%s",Dirname,fnameh); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1406:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varnow,"%s%s%d",var,"u",i); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1407:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(varhnow,"%s%s%d",varh,"u",i); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1433:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varnow,"%s%s%d",var,"v",j); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1434:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varhnow,"%s%s%d",varh,"v",j); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1453:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dirfname,"%s%s",Dirname,fname); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1456:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varname,"%s%s",var,chc); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1488:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(var,"%s%d",var0,chfd); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1489:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varh,"%s%d",varh0,chfd); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1502:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varname,"%s%d",var,chfd); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1503:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(varnameh,"%s%d",varh,chfd); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1504:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dirfname,"%s%s",Dirname,fname); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1505:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dirfnameh,"%s%s",Dirname,fnameh); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1637:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varnow,"%s%d",var,chcut); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1638:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(varhnow,"%s%d",varh,chcut); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:2062:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(strtmp,"%s%s",str,tmp); data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:402:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outpos," %12.3f %12.3f %12.3f %12.3f %12.3f 0 c %s\n",-r*BzK,-r,-r,-r*BzK,-r,action); data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:416:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outpos," %12.3f %12.3f %12.3f %12.3f %12.3f 0 c %s\n",-w*BzK,-h,-w,-h*BzK,-w,action); data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:1321:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). inname = strcpy(malloc((length+5)*sizeof(char)),s); data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:1322:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). outname = strcpy(malloc((length+5)*sizeof(char)),s); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1757:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1787:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1988:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, KTITBEG); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1994:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, KTITSHA); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2000:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(s, KTITMISS); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2005:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, KTITEMPTY); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2010:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, KTITEND); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2098:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2122:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ret, exlist[l]); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2153:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ret, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2192:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(buf, obuf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2201:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, obuf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2225:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2246:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ret, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2270:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2287:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ret, exkv[l]); /* Exchange v-cmd => k-cmd; */ data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2293:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(ret, buf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2297:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ret, p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2331:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret, in); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2338:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (l == KHVONUM) strcpy(ret, buf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2348:26: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (l == KHVONUM) strcpy(ret, buf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2518:23: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cbuf, ibuf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4868:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
a[i] = '\0'; strcat(a, BAFALSE); i += strlen(BAFALSE); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5957:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(a, entry); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5995:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(a, IKILLNAME); i = i + strlen(IKILLNAME); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6151:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(a, head); i += strlen(head); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6153:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(a, NKILLNAME); i += strlen(NKILLNAME); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6221:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(p, linestr); data/texlive-extra-2020.20200925/texmf-dist/source/latex/fancynum/tables.c:76:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf(texformat,table_line,format,format,format); data/texlive-extra-2020.20200925/texmf-dist/source/latex/fancynum/tables.c:77:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer,(const char*)texformat,a,a); data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:126:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf( stderr, format, ap ); data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:397:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( name, Jobname ); data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:398:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( name, suffix ); data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:450:11: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ( execvp( MakeIndex, argv ) ) { data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:502:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( IDX, Jobname ); data/texlive-extra-2020.20200925/texmf-dist/doc/latex/mcmthesis/code/mcmthesis-sudoku.cpp:23:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. srand((unsigned int)time(NULL)); data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:222:24: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ( ( retVal = getopt_long( argc, argv, short_options, data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:225:24: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ( ( retVal = getopt( argc, argv, short_options ) ) != - 1 ) { data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:16:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char g2n_filename[FILE_LEN+5]; data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:17:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tex_filename[FILE_LEN+5]; data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char codepoint[5]; data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char glyphname [LINE_LEN+1]; data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:31:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (g2n_filename, ".g2n"); data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:32:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g2n_file = fopen (g2n_filename, "r+"); data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:36:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat (tex_filename, ".tex"); data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:37:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
tex_file = fopen (tex_filename, "w+"); data/texlive-extra-2020.20200925/texmf-dist/doc/generic/c-pascal/prog/sun.c:6:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char weekdays[7][15]={"Sunday", "Monday", "Tuesday", "Wednesday", data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommon.h:712:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,"w"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommon.h:723:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,"r"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommon.h:744:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,"w"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommon.h:755:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp=fopen(fname,"r"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/ketcommon.h:776:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,"w"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:12:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,wa); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:54:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,wa); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:121:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,"a"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:130:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp=fopen(fname,"w"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:145:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(fname,"r"); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1361:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[20]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1362:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varh[20]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varnow[40]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char varhnow[40]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1369:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirfname[256]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1370:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirfnameh[256]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1371:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[256]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1372:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varnameh[256]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1448:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char chc[10]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1449:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(chc,"%d",chfd); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1451:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirfname[256]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1454:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[256]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1486:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[20]; data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1487:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char varh[20];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1490:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varnow[40];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1491:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varhnow[40];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1492:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirfname[256];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1493:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirfnameh[256];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1494:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varname[256];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1495:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char varnameh[256];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1733:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str1[100], str2[100];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1980:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dstrorg[256];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1982:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dstr[256];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1984:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[10];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1986:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strtmp[30];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1987:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[10];
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1991:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp=fopen(fname,"r");
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:2032:20: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  tmp[0]='\0'; sprintf(tmp,"%c",dstr[jj]);
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:2055:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  tmp[0]='\0'; sprintf(tmp,"%c",dstr[jj]);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/complex-memory.c:3:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  volatile char foo[30];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/mul.c:3:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  volatile char foo[30];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/mul.c:12:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  foo[3] = (unsigned char)((unsigned char )foo[1] / (unsigned char)foo[0]);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/printf.c:4:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[30];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/printf.c:6:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  volatile char buf[3];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/avremu/test-suite/shift.c:3:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  volatile char foo[30];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:95:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outputbuffer[1000000];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:353:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer,"\n %12.3f %12.3f %12.3f %12.3f %12.3f %12.3f c",x1,y1,x2,y2,x3,y3);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:358:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer,"\n %12.3f %12.3f l",x1,y1);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:363:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer,"\n %12.3f %12.3f m",x1,y1);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:368:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer," %12.3f w",w);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:374:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer," [%12.3f] %12.3f d",dashsize,phase);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:385:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer,"%12.3f %12.3f %12.3f %12.3f %12.3f %12.3f cm\n",x11,x12,x21,x22,x,y);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:396:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outpos," %12.3f 0 m %12.3f %12.3f %12.3f %12.3f 0 %12.3f c\n",-r,-r,r*BzK,-r*BzK,r,r);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:398:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outpos," %12.3f %12.3f %12.3f %12.3f %12.3f 0 c\n",r*BzK,r,r,r*BzK,r);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:400:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outpos," %12.3f %12.3f %12.3f %12.3f 0 %12.3f c\n",r,-r*BzK,r*BzK,-r,-r);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:410:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outpos," %12.3f 0 m %12.3f %12.3f %12.3f %12.3f 0 %12.3f c\n",-w,-w,h*BzK,-w*BzK,h,h);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:412:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outpos," %12.3f %12.3f %12.3f %12.3f %12.3f 0 c\n",w*BzK,h,w,h*BzK,w);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:414:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outpos," %12.3f %12.3f %12.3f %12.3f 0 %12.3f c\n",w,-h*BzK,w*BzK,-h,-h);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:423:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer," %12.3f G",grayscale);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:426:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer," %12.3f g",grayscale);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:434:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer," %12.3f %12.3f %12.3f %12.3f K",c,m,y,k);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:437:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer," %12.3f %12.3f %12.3f %12.3f k",c,m,y,k);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:449:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer,"\n %12.3f %12.3f %12.3f %12.3f re",x,y,w,h);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:454:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(outputbuffer,"\n %12.3f %12.3f m %12.3f %12.3f l %12.3f %12.3f l h",x1,y1,x2,y2,x3,y3);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:948:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( finput = fopen(filename,"r") ) == 0 ) {
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:1327:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( inname+length, ".ax1" );
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:1328:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( outname+length, ".ax2" );
data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:1331:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( outfile = fopen(outname,"w") ) == 0 ) {
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:115:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *lineptr[MAXLINES];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:129:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *subAptr[MAXBACOLS][MAXLINES];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:130:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *subBptr[MAXBACOLS][MAXLINES];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:131:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *subCptr[MAXBACOLS][MAXLINES];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:166:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *subRptr[BAALLRCOLS][MAXLINES];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:229:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *filelist[MAXFILES];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1752:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1843:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1896:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN], fub[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2033:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2171:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[MAXLEN], obuf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2222:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN], cbuf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2266:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN], cbuf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2318:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2471:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2484:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ibuf[MAXLEN], cbuf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2671:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2771:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "file %d ", filenum);
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3584:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLEN], fub[MAXLEN], *lp = p, *anf = p;
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3798:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, in[MAXLEN], out[MAXLEN], num[2*NUMLEN], last, buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5015:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_buf[MAXLEN], b_buf[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5246:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufa[MAXLEN], bufb[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5275:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufa[MAXLEN], bufb[MAXLEN], bufc[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5372:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufa[MAXLEN], bufb[MAXLEN], bufc[MAXLEN], bufd[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5955:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a[MAXLEN], *p, xx[1], *AAp, *ABp, *ACp;
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6077:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qbuf[MAXLEN] = "", pbuf[MAXLEN] = "";
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6152:14: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(a, " {}{"); i += 4;
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6208:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *p, linestr[MAXLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6335:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[MAXFILENAMLEN];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6356:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile = fopen(filenam, "r");
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6467:53: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void testdrucken(int linec, int alllines, int deep, char *subptr[MAXBACOLS][MAXLINES])
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6711:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outfile = fopen(outname, "w")) == NULL)
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6728:24: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outfile = fopen(outname, "r")) != NULL)
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6731:26: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((outfile = fopen(outname, "w")) != NULL)
data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:7083:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile = fopen(inname, "r");
data/texlive-extra-2020.20200925/texmf-dist/source/latex/fancynum/tables.c:22:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char texformat[100];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/fancynum/tables.c:64:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  texfile = fopen(filename,"w");
data/texlive-extra-2020.20200925/texmf-dist/source/latex/fancynum/tables.c:90:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[500];
data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:399:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( name, ".idx" );
data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:401:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( file = fopen( name, "w" ) ) == NULL ) {
data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:494:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fIDX = fopen( IDX, "r" ) ) == NULL ) {
data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:503:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( IDX, ".idx" );
data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:504:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ( ( fIDX = fopen( IDX, "r" ) ) == NULL ) {
data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:40:8: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc (g2n_file); while (ch != '\n') { ch = getc (g2n_file);}
data/texlive-extra-2020.20200925/texmf-dist/doc/fonts/libertine/g2ntotex.c:40:51: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch = getc (g2n_file); while (ch != '\n') { ch = getc (g2n_file);}
data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1356:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(fnameh)>0){ data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1481:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(fnameh)==0){ data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:1997:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nn=strlen(var); data/texlive-extra-2020.20200925/texmf-dist/scripts/ketcindy/ketlibC/surflib.h:2001:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jj=strlen(dstr); data/texlive-extra-2020.20200925/texmf-dist/source/latex/axodraw2/axohelp.c:1320:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(s); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:334:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int pos = strlen(p); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:616:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(RELAX); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:688:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p += (r=strlen(TOMFNSYMBOL)); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:718:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(NEWFNSYMBOL); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:730:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((cmd == 0 || cmd == 6) && cmdtyp < 2 && strncmp(p, "\\delimiter", (len=strlen("\\delimiter"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:735:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 6) && cmdtyp == 2 && strncmp(p, "\"26B30D", (len=strlen("\"26B30D"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:741:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 6) && cmdtyp == 2 && strncmp(p, "\"026B30D", (len=strlen("\"026B30D"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:747:98: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 4 || cmd == 5) && cmdtyp < 2 && strncmp(p, "\\mathchar", (len=strlen("\\mathchar"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:752:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if ((cmd == 0 || cmd == 5) && cmdtyp == 3 && strncmp(p, "\"27B", (len=strlen("\"27B"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:758:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 5) && cmdtyp < 2 && strncmp(p, "\\mathparagraph", (len=strlen("\\mathparagraph"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:764:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 4) && cmdtyp == 3 && strncmp(p, "\"278", (len=strlen("\"278"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:770:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 4) && cmdtyp < 2 && strncmp(p, "\\mathsection", (len=strlen("\\mathsection"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:776:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 3) && cmdtyp < 2 && strncmp(p, "\\ddagger", (len=strlen("\\ddagger"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:782:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if ((cmd == 0 || cmd == 2) && cmdtyp < 2 && strncmp(p, "\\dagger", (len=strlen("\\dagger"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:788:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((cmd == 0 || cmd == 1) && cmdtyp < 2 && strncmp(p, "*", (len=strlen("*"))) == 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:845:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int r = BADNUM, num = 0, len = strlen(OLDBIGROMAN), vor = 1; data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1575:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c = fgetc(infile); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1734:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(p), sw = 0; data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1788:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1976:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( strlen(KTITBEG) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1977:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(KTITSHA) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1978:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(KTITMISS) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1979:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(KTITEMPTY) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:1980:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(KTITEND) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2200:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "*"); /* keep fmt[l] */ data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2207:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, p, pos); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2245:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(ret, cbuf, end); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2286:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret) + strlen(exkv[l]) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2286:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret) + strlen(exkv[l]) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2289:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos += strlen(exkv[l]); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2292:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret) + strlen(buf) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2292:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret) + strlen(buf) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2295:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pos += strlen(buf); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2296:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret) + strlen(p) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2296:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret) + strlen(p) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2328:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (form[0] == '\0' || strlen(form) != KHVONUM) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2332:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ret); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2437:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(i) > 58) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2439:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else ll = 58 - strlen(i); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2629:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if( (i < FONTC && lcmdcmp(p, fonts[i]) == 0 && (l=strlen(fonts[i])) > 0) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2775:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, subRptr[LINECOL][linec], MAXLEN-strlen(buf)-strlen(subRptr[LINECOL][linec])-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2775:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, subRptr[LINECOL][linec], MAXLEN-strlen(buf)-strlen(subRptr[LINECOL][linec])-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2775:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(buf, subRptr[LINECOL][linec], MAXLEN-strlen(buf)-strlen(subRptr[LINECOL][linec])-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2780:11: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buf, ERRINPUTLINENO, MAXLEN-strlen(buf)-ERRINPUTLINENOLEN-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2780:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(buf, ERRINPUTLINENO, MAXLEN-strlen(buf)-ERRINPUTLINENOLEN-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:2784:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). subRptr[LINECOL][linec] = strnmalloc(buf, strlen(buf)+1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3781:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p+=strlen(BAGOCMD); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3849:18: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(out, num, MAXLEN-strlen(out)-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3849:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(out, num, MAXLEN-strlen(out)-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3850:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = strlen(out); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:3864:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
subBptr[i][linec] = strnmalloc(out, strlen(out)+1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4725:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int mlen = strlen(MALE), flen = strlen(FEMALE), cont = 1; data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4725:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int mlen = strlen(MALE), flen = strlen(FEMALE), cont = 1; data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4726:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int hlen = strlen(HASDOT), nlen = strlen(NOTDOT); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4726:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int hlen = strlen(HASDOT), nlen = strlen(NOTDOT); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4866:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i + strlen(BAFALSE) < MAXLEN) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4868:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
a[i] = '\0'; strcat(a, BAFALSE); i += strlen(BAFALSE); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4990:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printdline(50 - strlen(txt), head); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:4997:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prnlen = 60 - strlen(subRptr[LINECOL][mem]); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5007:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else printdline(60 - strlen(subRptr[LINECOL][i]), Trej); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5567:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(TheadA); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5570:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || len >= strlen(subAptr[0][i]) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5954:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int i, num = 0, len = strlen(entry), killpos, hint, Adq; data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:5995:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat(a, IKILLNAME); i = i + strlen(IKILLNAME); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6103:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(qbuf, q, len); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6142:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. { strncat(pbuf, p, len); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6147:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && i + strlen(head) + 4 + strlen(NKILLNAME) + 1 < MAXLEN data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6147:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && i + strlen(head) + 4 + strlen(NKILLNAME) + 1 < MAXLEN data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6151:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strcat(a, head); i += strlen(head); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6153:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat(a, NKILLNAME); i += strlen(NKILLNAME); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6154:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(a, "}"); i += 1; data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6207:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len, headlen = strlen(head); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6339:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fname, suffix, MAXFILENAMLEN-plen-1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6341:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (plen + strlen(suffix) > MAXFILENAMLEN-1) data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6348:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return strnmalloc(fname, strlen(fname)+1); data/texlive-extra-2020.20200925/texmf-dist/source/latex/bibarts/bibsort.c:6786:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(q) <= ALLWEIGHT-BEGINWEIGHT) data/texlive-extra-2020.20200925/texmf-dist/source/latex/otibet/oct2otp.c:13:13: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c=getchar())!=EOF) { data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:296:33: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( ts, data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:362:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). suffix -= strlen( name ); data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:364:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && !strncmp( suffix, name, strlen( name ) ) ) { data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:392:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( name = malloc( strlen( Jobname ) + strlen( suffix ) + 5 ) ) == NULL ) { data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:392:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( ( name = malloc( strlen( Jobname ) + strlen( suffix ) + 5 ) ) == NULL ) { data/texlive-extra-2020.20200925/texmf-dist/source/latex/splitindex/splitindex.c:496:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( ( IDX = malloc( strlen( Jobname + 5 ) ) ) == NULL ) {

ANALYSIS SUMMARY:
Hits = 276
Lines analyzed = 17019 in approximately 25.34 seconds (672 lines/second)
Physical Source Lines of Code (SLOC) = 13948
Hits@level = [0] 565 [1] 90 [2] 120 [3] 3 [4] 61 [5] 2
Hits@level+ = [0+] 841 [1+] 276 [2+] 186 [3+] 66 [4+] 63 [5+] 2
Hits/KSLOC@level+ = [0+] 60.2954 [1+] 19.7878 [2+] 13.3352 [3+] 4.73186 [4+] 4.51678 [5+] 0.14339
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.