Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tkhtml1-1.04/src/html.h
Examining data/tkhtml1-1.04/src/htmlcmd.c
Examining data/tkhtml1-1.04/src/htmlcmd.h
Examining data/tkhtml1-1.04/src/htmldraw.c
Examining data/tkhtml1-1.04/src/htmldraw.h
Examining data/tkhtml1-1.04/src/htmlexts.c
Examining data/tkhtml1-1.04/src/htmlexts.h
Examining data/tkhtml1-1.04/src/htmlform.c
Examining data/tkhtml1-1.04/src/htmlform.h
Examining data/tkhtml1-1.04/src/htmlimage.c
Examining data/tkhtml1-1.04/src/htmlimage.h
Examining data/tkhtml1-1.04/src/htmlindex.c
Examining data/tkhtml1-1.04/src/htmlindex.h
Examining data/tkhtml1-1.04/src/htmllayout.c
Examining data/tkhtml1-1.04/src/htmllayout.h
Examining data/tkhtml1-1.04/src/htmlparse.c
Examining data/tkhtml1-1.04/src/htmlparse.h
Examining data/tkhtml1-1.04/src/htmlsizer.c
Examining data/tkhtml1-1.04/src/htmlsizer.h
Examining data/tkhtml1-1.04/src/htmltable.c
Examining data/tkhtml1-1.04/src/htmltable.h
Examining data/tkhtml1-1.04/src/htmltest.c
Examining data/tkhtml1-1.04/src/htmltest.h
Examining data/tkhtml1-1.04/src/htmltokens.c
Examining data/tkhtml1-1.04/src/htmltokens.h
Examining data/tkhtml1-1.04/src/htmlurl.c
Examining data/tkhtml1-1.04/src/htmlurl.h
Examining data/tkhtml1-1.04/src/htmlwidget.c
Examining data/tkhtml1-1.04/src/htmlwidget.h
Examining data/tkhtml1-1.04/tools/getpage.c
Examining data/tkhtml1-1.04/tools/httpget.c
Examining data/tkhtml1-1.04/tools/makeheaders.c
Examining data/tkhtml1-1.04/tools/sgmlparse.c
Examining data/tkhtml1-1.04/tools/url.c
FINAL RESULTS:
data/tkhtml1-1.04/src/html.h:62:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
TRACE_INDENT; printf Args; fflush(stdout); \
data/tkhtml1-1.04/src/htmlcmd.c:388:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(htmlPtr->zHandler[type],argv[4]);
data/tkhtml1-1.04/src/htmldraw.c:778:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&zBuf[n], pElem->text.zText);
data/tkhtml1-1.04/src/htmlform.c:207:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zBuf,"%s.x%d",Tk_PathName(htmlPtr->clipwin), pElem->input.cnt);
data/tkhtml1-1.04/src/htmlimage.c:196:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pImage->zUrl,zSrc);
data/tkhtml1-1.04/src/htmlimage.c:199:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pImage->zWidth, zWidth);
data/tkhtml1-1.04/src/htmlimage.c:201:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pImage->zHeight, zHeight);
data/tkhtml1-1.04/src/htmllayout.h:338:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
TRACE_INDENT; printf Args; fflush(stdout); \
data/tkhtml1-1.04/src/htmlparse.c:903:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&htmlPtr->zText[htmlPtr->nText], zText);
data/tkhtml1-1.04/src/htmlparse.c:995:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pElem->markup.argv[i-1],argv[i]);
data/tkhtml1-1.04/src/htmlparse.c:1094:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zBuf,"<%s",zName);
data/tkhtml1-1.04/src/htmlparse.c:1096:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&zBuf[strlen(zBuf)]," %s=%s",
data/tkhtml1-1.04/src/htmlsizer.c:249:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zCmd,"%s {%s}",htmlPtr->zIsVisited, zURL);
data/tkhtml1-1.04/src/htmlsizer.h:24:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
TRACE_INDENT; printf Args; fflush(stdout); \
data/tkhtml1-1.04/src/htmltable.h:140:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
TRACE_INDENT; printf Args; fflush(stdout); \
data/tkhtml1-1.04/src/htmlurl.c:169:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(z, "%s:", p->zScheme);
data/tkhtml1-1.04/src/htmlurl.c:173:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "//%s", p->zAuthority);
data/tkhtml1-1.04/src/htmlurl.c:177:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "%s", p->zPath);
data/tkhtml1-1.04/src/htmlurl.c:181:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "?%s", p->zQuery);
data/tkhtml1-1.04/src/htmlurl.c:185:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "#%s", p->zFragment);
data/tkhtml1-1.04/src/htmlurl.c:215:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zNew, z);
data/tkhtml1-1.04/src/htmlurl.c:316:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zBuf,"%s", base->zPath);
data/tkhtml1-1.04/src/htmlurl.c:318:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(zBuf, term->zPath);
data/tkhtml1-1.04/src/htmlurl.c:326:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zBuf+i+1, tmp);
data/tkhtml1-1.04/src/htmlurl.c:344:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zBuf+j+1, tmp);
data/tkhtml1-1.04/src/htmlurl.c:361:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zBuf, tmp);
data/tkhtml1-1.04/src/htmlurl.c:396:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if( zSrc ) strcpy(zSrc, Tcl_GetStringResult(htmlPtr->interp));
data/tkhtml1-1.04/src/htmlwidget.c:1365:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name, familyStr, size);
data/tkhtml1-1.04/src/htmlwidget.c:1442:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zAltColor,"#%s",zColor);
data/tkhtml1-1.04/src/htmlwidget.c:1444:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zAltColor, zColor);
data/tkhtml1-1.04/src/htmlwidget.c:1905:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zClipwin,"%s.x",argv[1]);
data/tkhtml1-1.04/src/htmlwidget.c:1921:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(htmlPtr->zCmdName, argv[1]);
data/tkhtml1-1.04/tools/getpage.c:43:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->zUrl, zUrl);
data/tkhtml1-1.04/tools/getpage.c:64:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(html, zText);
data/tkhtml1-1.04/tools/makeheaders.c:23:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug0(F,M) if( (F)&debugMask ){ fprintf(stderr,M); }
data/tkhtml1-1.04/tools/makeheaders.c:24:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug1(F,M,A) if( (F)&debugMask ){ fprintf(stderr,M,A); }
data/tkhtml1-1.04/tools/makeheaders.c:25:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug2(F,M,A,B) if( (F)&debugMask ){ fprintf(stderr,M,A,B); }
data/tkhtml1-1.04/tools/makeheaders.c:26:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define debug3(F,M,A,B,C) if( (F)&debugMask ){ fprintf(stderr,M,A,B,C); }
data/tkhtml1-1.04/tools/makeheaders.c:1860:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pIf->zCondition,"%s(%.*s)",zPrefix,nText,zText);
data/tkhtml1-1.04/tools/makeheaders.c:1968:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pInclude->zLabel,"%.*s:%s",nArg,zArg,zIf);
data/tkhtml1-1.04/tools/makeheaders.c:2945:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( zNew[j], zBuf );
data/tkhtml1-1.04/tools/sgmlparse.c:188:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pNew->zName,zName);
data/tkhtml1-1.04/tools/url.c:141:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(z, "%s:", p->zScheme);
data/tkhtml1-1.04/tools/url.c:145:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "//%s", p->zAuthority);
data/tkhtml1-1.04/tools/url.c:149:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "%s", p->zPath);
data/tkhtml1-1.04/tools/url.c:153:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "?%s", p->zQuery);
data/tkhtml1-1.04/tools/url.c:157:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(&z[n], "#%s", p->zFragment);
data/tkhtml1-1.04/tools/url.c:185:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zNew, z);
data/tkhtml1-1.04/tools/url.c:231:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zBuf,"%s", base->zPath);
data/tkhtml1-1.04/tools/url.c:233:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(zBuf, term->zPath);
data/tkhtml1-1.04/tools/url.c:236:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&zBuf[i+1], &zBuf[i+3]);
data/tkhtml1-1.04/tools/url.c:248:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&zBuf[j+1], &zBuf[i+4]);
data/tkhtml1-1.04/src/html.h:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/html.h:784:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/html.h:826:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlcmd.c:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) htmlPtr, argv[2], 0);
data/tkhtml1-1.04/src/htmlcmd.c:98:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) htmlPtr, argv[2], 0);
data/tkhtml1-1.04/src/htmlcmd.c:415:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char*)Tcl_GetStringResult(interp), "%d.%d", HtmlTokenNumber(p), i);
data/tkhtml1-1.04/src/htmlcmd.h:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlcmd.h:355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlcmd.h:397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmldraw.c:129:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"%d",index);
data/tkhtml1-1.04/src/htmldraw.c:188:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"%d",index);
data/tkhtml1-1.04/src/htmldraw.c:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[30];
data/tkhtml1-1.04/src/htmldraw.c:419:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"%d.",src->li.cnt);
data/tkhtml1-1.04/src/htmldraw.c:654:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[400];
data/tkhtml1-1.04/src/htmldraw.h:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmldraw.h:338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmldraw.h:380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlexts.h:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlexts.h:294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlexts.h:336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlform.c:111:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[60];
data/tkhtml1-1.04/src/htmlform.c:114:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf," %d flush", p->input.pForm->form.id);
data/tkhtml1-1.04/src/htmlform.c:435:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zToken[50];
data/tkhtml1-1.04/src/htmlform.c:444:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zToken," %d input ",pElem->input.pForm->form.id);
data/tkhtml1-1.04/src/htmlform.c:463:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zToken[50];
data/tkhtml1-1.04/src/htmlform.c:472:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zToken," %d select ",pElem->input.pForm->form.id);
data/tkhtml1-1.04/src/htmlform.c:494:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zToken[50];
data/tkhtml1-1.04/src/htmlform.c:503:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zToken," %d textarea ",pElem->input.pForm->form.id);
data/tkhtml1-1.04/src/htmlform.c:597:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[5];
data/tkhtml1-1.04/src/htmlform.c:598:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"%%%02X",0xff & *z);
data/tkhtml1-1.04/src/htmlform.h:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlform.h:341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlform.h:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlimage.h:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlimage.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlimage.h:303:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlindex.h:155:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlindex.h:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlindex.h:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmllayout.c:894:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->hr.h = atoi(z);
data/tkhtml1-1.04/src/htmllayout.c:914:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wd = (atoi(z)*w)/100;
data/tkhtml1-1.04/src/htmllayout.c:916:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wd = atoi(z);
data/tkhtml1-1.04/src/htmllayout.h:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmllayout.h:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmllayout.h:380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlparse.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[8]; /* The value for this sequence. ex: "&" */
data/tkhtml1-1.04/src/htmlparse.c:339:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[8];
data/tkhtml1-1.04/src/htmlparse.c:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[mxARG]; /* Pointers to each markup argument. */
data/tkhtml1-1.04/src/htmlparse.c:655:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pElem->text.zText,"%.*s",i,&z[n]);
data/tkhtml1-1.04/src/htmlparse.c:800:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pElem->markup.argv[j-1],"%.*s",arglen[j],argv[j]);
data/tkhtml1-1.04/src/htmlparse.c:1062:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zBuf[200];
data/tkhtml1-1.04/src/htmlparse.c:1069:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"\"%.*s\"",p->base.count,p->text.zText);
data/tkhtml1-1.04/src/htmlparse.c:1073:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"\"\\n\"");
data/tkhtml1-1.04/src/htmlparse.c:1075:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"\" \"");
data/tkhtml1-1.04/src/htmlparse.c:1082:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"<Block z=\"%.*s\">", n, p->block.z);
data/tkhtml1-1.04/src/htmlparse.c:1084:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf,"<Block>");
data/tkhtml1-1.04/src/htmlparse.c:1115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLine[100];
data/tkhtml1-1.04/src/htmlparse.c:1129:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zLine,"Space %d %d",
data/tkhtml1-1.04/src/htmlparse.h:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlparse.h:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlparse.h:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlsizer.c:555:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = FontSize(style.font) - atoi(&z[1]);
data/tkhtml1-1.04/src/htmlsizer.c:557:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = FontSize(style.font) + atoi(&z[1]);
data/tkhtml1-1.04/src/htmlsizer.c:559:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.c:581:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zToken[50];
data/tkhtml1-1.04/src/htmlsizer.c:599:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zToken," %d form ", ++htmlPtr->nForm);
data/tkhtml1-1.04/src/htmlsizer.c:681:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.c:741:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.c:1100:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->cell.rowspan = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.c:1102:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->cell.colspan = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.c:1134:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.c:1138:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int h = atoi(z);
data/tkhtml1-1.04/src/htmlsizer.h:220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlsizer.h:499:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlsizer.h:541:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmltable.c:67:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cellSpacing = atoi(z);
data/tkhtml1-1.04/src/htmltable.c:143:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tbw = pStart->table.borderWidth = z ? atoi(z) : DFLT_BORDER;
data/tkhtml1-1.04/src/htmltable.c:146:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cellPadding = z ? atoi(z) : DFLT_CELLPADDING;
data/tkhtml1-1.04/src/htmltable.c:163:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hspace = z ? atoi(z) : DFLT_HSPACE;
data/tkhtml1-1.04/src/htmltable.c:246:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
requestedW = atoi(z);
data/tkhtml1-1.04/src/htmltable.c:249:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
requestedW = (atoi(z)*maxTableWidth + 99)/100;
data/tkhtml1-1.04/src/htmltable.c:458:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
totalWidth = (atoi(z) * lineWidth)/100;
data/tkhtml1-1.04/src/htmltable.c:460:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
totalWidth = atoi(z);
data/tkhtml1-1.04/src/htmltable.c:831:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cellPadding = z ? atoi(z) : DFLT_CELLPADDING;
data/tkhtml1-1.04/src/htmltable.c:834:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vspace = z ? atoi(z) : DFLT_VSPACE;
data/tkhtml1-1.04/src/htmltable.c:836:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hspace = z ? atoi(z) : DFLT_HSPACE;
data/tkhtml1-1.04/src/htmltable.h:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmltable.h:398:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmltable.h:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmltest.c:91:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename,"a");
data/tkhtml1-1.04/src/htmltokens.h:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmltokens.h:460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmltokens.h:502:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlurl.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zResult, z, n);
data/tkhtml1-1.04/src/htmlurl.c:384:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *azSeq[2];
data/tkhtml1-1.04/src/htmlurl.h:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlurl.h:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/src/htmlurl.h:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlwidget.c:235:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%g %g",frac1, frac2);
data/tkhtml1-1.04/src/htmlwidget.c:271:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%g %g",frac1, frac2);
data/tkhtml1-1.04/src/htmlwidget.c:431:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/tkhtml1-1.04/src/htmlwidget.c:452:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/tkhtml1-1.04/src/htmlwidget.c:1284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[200]; /* Name of the font */
data/tkhtml1-1.04/src/htmlwidget.c:1295:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[100]; /* Temporary buffer */
data/tkhtml1-1.04/src/htmlwidget.c:1299:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zBuf, " %d {", FontSize(iFont)+1);
data/tkhtml1-1.04/src/htmlwidget.c:1327:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"%.100s", Tcl_GetStringResult(htmlPtr->interp));
data/tkhtml1-1.04/src/htmlwidget.c:1423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zAltColor[16];
data/tkhtml1-1.04/src/htmlwidget.h:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zText[1]; /* Text for this element. Null terminated */
data/tkhtml1-1.04/src/htmlwidget.h:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *zHandler[Html_TypeCount]; /* If not NULL, this is a TCL routine that
data/tkhtml1-1.04/src/htmlwidget.h:476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontValid[(N_FONT+7)/8]; /* If bit N%8 of work N/8 of this field is 0
data/tkhtml1-1.04/tools/getpage.c:27:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char baseUrl[1000];/* The base URL */
data/tkhtml1-1.04/tools/getpage.c:45:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->zLocal,"image%d", ++nImage);
data/tkhtml1-1.04/tools/getpage.c:86:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *azUrl[2];
data/tkhtml1-1.04/tools/getpage.c:112:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(baseUrl,"%.*s", sizeof(baseUrl), argv[i+1]);
data/tkhtml1-1.04/tools/getpage.c:150:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(zTemp,"r");
data/tkhtml1-1.04/tools/getpage.c:156:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
html = fopen("index.html","w");
data/tkhtml1-1.04/tools/httpget.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zIpAddr[400]; /* The IP address of the server to print */
data/tkhtml1-1.04/tools/httpget.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zMsg[1000]; /* Space to hold error messages */
data/tkhtml1-1.04/tools/httpget.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLine[1000]; /* A single line of the header */
data/tkhtml1-1.04/tools/httpget.c:38:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(zLocalFile, "w");
data/tkhtml1-1.04/tools/httpget.c:40:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zMsg, "can't open output fule \"%.100s\"", zLocalFile);
data/tkhtml1-1.04/tools/httpget.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr.sin_addr,pHost->h_addr_list[0],pHost->h_length);
data/tkhtml1-1.04/tools/httpget.c:86:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zMsg,"can't open socket to %.100s", zIpAddr);
data/tkhtml1-1.04/tools/httpget.c:92:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zMsg,"can't connect to host %.100s", zIpAddr);
data/tkhtml1-1.04/tools/httpget.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLocation[300];
data/tkhtml1-1.04/tools/httpget.c:169:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *az[2];
data/tkhtml1-1.04/tools/httpget.c:182:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zActual, "%.*s", nActual, zUrl);
data/tkhtml1-1.04/tools/makeheaders.c:557:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pDecl->zName,"%.*s",nName,zName);
data/tkhtml1-1.04/tools/makeheaders.c:590:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pId->zName,"%.*s",nId,zId);
data/tkhtml1-1.04/tools/makeheaders.c:671:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pIn = fopen(zFilename,"r");
data/tkhtml1-1.04/tools/makeheaders.c:688:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pOut = fopen(zFilename,"w");
data/tkhtml1-1.04/tools/makeheaders.c:1862:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pIf->zCondition,"%.*s",nText,zText);
data/tkhtml1-1.04/tools/makeheaders.c:1938:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pDecl->zDecl,"%.*s\n",pToken->nText,pToken->zText);
data/tkhtml1-1.04/tools/makeheaders.c:1967:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pInclude->zFile,"%.*s",nArg,zArg);
data/tkhtml1-1.04/tools/makeheaders.c:1974:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pInclude->zFile,"%.*s",nArg,zArg);
data/tkhtml1-1.04/tools/makeheaders.c:2736:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zLabel[50];
data/tkhtml1-1.04/tools/makeheaders.c:2901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[1000]; /* A single argument is accumulated here */
data/tkhtml1-1.04/tools/makeheaders.c:2905:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(zFile,"r");
data/tkhtml1-1.04/tools/sgmlparse.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[100];
data/tkhtml1-1.04/tools/sgmlparse.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zBuf[10000];
data/tkhtml1-1.04/tools/url.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zResult, z, n);
data/tkhtml1-1.04/src/htmlcmd.c:386:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
htmlPtr->zHandler[type] = HtmlAlloc( strlen(argv[4]) + 1 );
data/tkhtml1-1.04/src/htmldraw.c:152:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(zBuf,".");
data/tkhtml1-1.04/src/htmldraw.c:212:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(zBuf,".");
data/tkhtml1-1.04/src/htmldraw.c:477:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cnt = strlen(zBuf);
data/tkhtml1-1.04/src/htmldraw.c:558:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src->image.zAlt, strlen(src->image.zAlt),
data/tkhtml1-1.04/src/htmldraw.c:818:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p->z, zBuf, n);
data/tkhtml1-1.04/src/htmlexts.c:80:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j=strlen(p->text.zText);
data/tkhtml1-1.04/src/htmlform.c:205:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(Tk_PathName(htmlPtr->clipwin));
data/tkhtml1-1.04/src/htmlimage.c:189:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenSrc = strlen(zSrc);
data/tkhtml1-1.04/src/htmlimage.c:190:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenW = strlen(zWidth);
data/tkhtml1-1.04/src/htmlimage.c:191:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenH = strlen(zHeight);
data/tkhtml1-1.04/src/htmllayout.c:912:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zl = strlen(z);
data/tkhtml1-1.04/src/htmlparse.c:660:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pElem->base.count = strlen(pElem->text.zText);
data/tkhtml1-1.04/src/htmlparse.c:888:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(zText);
data/tkhtml1-1.04/src/htmlparse.c:949:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte += strlen(zType);
data/tkhtml1-1.04/src/htmlparse.c:974:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte += sizeof(char*)*(argc+1) + strlen(zArgs) + argc + 2;
data/tkhtml1-1.04/src/htmlparse.c:994:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zBuf += strlen(argv[i]) + 1;
data/tkhtml1-1.04/src/htmlparse.c:1096:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(&zBuf[strlen(zBuf)]," %s=%s",
data/tkhtml1-1.04/src/htmlparse.c:1099:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(zBuf,">");
data/tkhtml1-1.04/src/htmlsizer.c:244:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zCmd = HtmlAlloc( strlen(htmlPtr->zIsVisited) + strlen(zURL) + 10 );
data/tkhtml1-1.04/src/htmlsizer.c:244:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zCmd = HtmlAlloc( strlen(htmlPtr->zIsVisited) + strlen(zURL) + 10 );
data/tkhtml1-1.04/src/htmlsizer.c:1122:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->image.w = Tk_TextWidth(font, p->image.zAlt, strlen(p->image.zAlt));
data/tkhtml1-1.04/src/htmltable.c:455:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(z);
data/tkhtml1-1.04/src/htmlurl.c:87:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(z);
data/tkhtml1-1.04/src/htmlurl.c:160:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zScheme ) n += strlen(p->zScheme)+1;
data/tkhtml1-1.04/src/htmlurl.c:161:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zAuthority ) n += strlen(p->zAuthority)+2;
data/tkhtml1-1.04/src/htmlurl.c:162:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zPath ) n += strlen(p->zPath)+1;
data/tkhtml1-1.04/src/htmlurl.c:163:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zQuery ) n += strlen(p->zQuery)+1;
data/tkhtml1-1.04/src/htmlurl.c:164:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zFragment ) n += strlen(p->zFragment)+1;
data/tkhtml1-1.04/src/htmlurl.c:170:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(z);
data/tkhtml1-1.04/src/htmlurl.c:174:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(&z[n]);
data/tkhtml1-1.04/src/htmlurl.c:178:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(&z[n]);
data/tkhtml1-1.04/src/htmlurl.c:182:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(&z[n]);
data/tkhtml1-1.04/src/htmlurl.c:212:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(z);
data/tkhtml1-1.04/src/htmlurl.c:314:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zBuf = HtmlAlloc( strlen(base->zPath) + strlen(term->zPath) + 2 );
data/tkhtml1-1.04/src/htmlurl.c:314:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zBuf = HtmlAlloc( strlen(base->zPath) + strlen(term->zPath) + 2 );
data/tkhtml1-1.04/src/htmlurl.c:317:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(zBuf)-1; i>=0 && zBuf[i]!='/'; i--){ zBuf[i] = 0; }
data/tkhtml1-1.04/src/htmlurl.c:323:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(zBuf+i+3)+1;
data/tkhtml1-1.04/src/htmlurl.c:325:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,zBuf+i+3,ll);
data/tkhtml1-1.04/src/htmlurl.c:341:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(zBuf+i+4)+1;
data/tkhtml1-1.04/src/htmlurl.c:343:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,zBuf+i+4,ll);
data/tkhtml1-1.04/src/htmlurl.c:358:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ll = strlen(zBuf+3)+1;
data/tkhtml1-1.04/src/htmlurl.c:360:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,zBuf+3,ll);
data/tkhtml1-1.04/src/htmlurl.c:395:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zSrc = HtmlAlloc( strlen(Tcl_GetStringResult(htmlPtr->interp)) + 1 );
data/tkhtml1-1.04/src/htmlwidget.c:810:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(argv[i]);
data/tkhtml1-1.04/src/htmlwidget.c:1429:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(zColor);
data/tkhtml1-1.04/src/htmlwidget.c:1792:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(argv[1]);
data/tkhtml1-1.04/src/htmlwidget.c:1808:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length2 = strlen(argv[2]);
data/tkhtml1-1.04/src/htmlwidget.c:1882:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(z);
data/tkhtml1-1.04/src/htmlwidget.c:1900:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zClipwin = HtmlAlloc( strlen(argv[1]) + 3 );
data/tkhtml1-1.04/src/htmlwidget.c:1913:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
htmlPtr = HtmlAlloc(sizeof(HtmlWidget) + strlen(argv[1]) + 1);
data/tkhtml1-1.04/tools/getpage.c:41:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = malloc( sizeof(*p) + strlen(zUrl) + 100 );
data/tkhtml1-1.04/tools/getpage.c:44:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->zLocal = &p->zUrl[strlen(zUrl)+1];
data/tkhtml1-1.04/tools/httpget.c:111:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (c=getc(sock))!=EOF && (c!='\n' || !last_was_nl) ){
data/tkhtml1-1.04/tools/httpget.c:137:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (c=getc(sock))!=EOF ){
data/tkhtml1-1.04/tools/makeheaders.c:398:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte = strlen(zSrc);
data/tkhtml1-1.04/tools/makeheaders.c:401:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(zDest,zSrc,nByte);
data/tkhtml1-1.04/tools/makeheaders.c:425:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte = strlen(zText);
data/tkhtml1-1.04/tools/makeheaders.c:436:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&pStr->zText[pStr->nUsed],zText,nByte);
data/tkhtml1-1.04/tools/makeheaders.c:449:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(z);
data/tkhtml1-1.04/tools/makeheaders.c:468:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(zName);
data/tkhtml1-1.04/tools/makeheaders.c:579:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nId = strlen(zId);
data/tkhtml1-1.04/tools/makeheaders.c:612:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nId = strlen(zId);
data/tkhtml1-1.04/tools/makeheaders.c:692:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(zOutput,1,strlen(zOutput),pOut);
data/tkhtml1-1.04/tools/makeheaders.c:1852:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nByte += strlen(zPrefix) + 2;
data/tkhtml1-1.04/tools/makeheaders.c:1964:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pInclude = SafeMalloc( sizeof(Include) + nArg*2 + strlen(zIf) + 10 );
data/tkhtml1-1.04/tools/makeheaders.c:2034:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PushIfMacro("!",pIf->zCondition,strlen(pIf->zCondition),pIf->nLine,0);
data/tkhtml1-1.04/tools/makeheaders.c:2649:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(z);
data/tkhtml1-1.04/tools/makeheaders.c:2752:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)(pDecl->zIf ? strlen(pDecl->zIf)+1 : 0),
data/tkhtml1-1.04/tools/makeheaders.c:2753:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)(zDecl ? strlen(zDecl) : 0),
data/tkhtml1-1.04/tools/makeheaders.c:2916:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(in);
data/tkhtml1-1.04/tools/makeheaders.c:2919:15: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(in);
data/tkhtml1-1.04/tools/makeheaders.c:2927:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(in);
data/tkhtml1-1.04/tools/sgmlparse.c:69:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(in);
data/tkhtml1-1.04/tools/sgmlparse.c:75:37: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( i<sizeof(zBuf)-2 && (c=getc(in))!=EOF && isspace(c) ){
data/tkhtml1-1.04/tools/sgmlparse.c:87:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( (c=getc(in))!=EOF && (cQuote || c!='>') ){
data/tkhtml1-1.04/tools/sgmlparse.c:95:24: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( c=='>' ) c = getc(in);
data/tkhtml1-1.04/tools/sgmlparse.c:151:37: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( i<sizeof(zBuf)-2 && (c=getc(in))!=EOF && c!='<' && !isspace(c) ){
data/tkhtml1-1.04/tools/sgmlparse.c:185:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Handler *pNew = malloc( sizeof(Handler) + strlen(zName) + 1 );
data/tkhtml1-1.04/tools/url.c:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(z);
data/tkhtml1-1.04/tools/url.c:132:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zScheme ) n += strlen(p->zScheme)+1;
data/tkhtml1-1.04/tools/url.c:133:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zAuthority ) n += strlen(p->zAuthority)+2;
data/tkhtml1-1.04/tools/url.c:134:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zPath ) n += strlen(p->zPath)+1;
data/tkhtml1-1.04/tools/url.c:135:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zQuery ) n += strlen(p->zQuery)+1;
data/tkhtml1-1.04/tools/url.c:136:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( p->zFragment ) n += strlen(p->zFragment)+1;
data/tkhtml1-1.04/tools/url.c:142:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(z);
data/tkhtml1-1.04/tools/url.c:146:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(&z[n]);
data/tkhtml1-1.04/tools/url.c:150:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(&z[n]);
data/tkhtml1-1.04/tools/url.c:154:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(&z[n]);
data/tkhtml1-1.04/tools/url.c:182:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(z);
data/tkhtml1-1.04/tools/url.c:229:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zBuf = malloc( strlen(base->zPath) + strlen(term->zPath) + 2 );
data/tkhtml1-1.04/tools/url.c:229:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zBuf = malloc( strlen(base->zPath) + strlen(term->zPath) + 2 );
data/tkhtml1-1.04/tools/url.c:232:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(zBuf)-1; i>=0 && zBuf[i]!='/'; i--){ zBuf[i] = 0; }
ANALYSIS SUMMARY:
Hits = 286
Lines analyzed = 22305 in approximately 0.70 seconds (31936 lines/second)
Physical Source Lines of Code (SLOC) = 17391
Hits@level = [0] 130 [1] 93 [2] 141 [3] 0 [4] 52 [5] 0
Hits@level+ = [0+] 416 [1+] 286 [2+] 193 [3+] 52 [4+] 52 [5+] 0
Hits/KSLOC@level+ = [0+] 23.9204 [1+] 16.4453 [2+] 11.0977 [3+] 2.99005 [4+] 2.99005 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.