Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tucnak-4.23/data/svnversion.c
Examining data/tucnak-4.23/src/zosk.c
Examining data/tucnak-4.23/src/vhfcontestnet.c
Examining data/tucnak-4.23/src/tregex.h
Examining data/tucnak-4.23/src/msvcver.h
Examining data/tucnak-4.23/src/svnversion.h
Examining data/tucnak-4.23/src/menu2.c
Examining data/tucnak-4.23/src/vhfcontestnet.h
Examining data/tucnak-4.23/src/alsa.c
Examining data/tucnak-4.23/src/profile.c
Examining data/tucnak-4.23/src/terminal.c
Examining data/tucnak-4.23/src/fifo.c
Examining data/tucnak-4.23/src/trig.h
Examining data/tucnak-4.23/src/cordata.c
Examining data/tucnak-4.23/src/txts.c
Examining data/tucnak-4.23/src/ac.h
Examining data/tucnak-4.23/src/bfu.c
Examining data/tucnak-4.23/src/zstring.c
Examining data/tucnak-4.23/src/cwdaemon.c
Examining data/tucnak-4.23/src/cwdb.h
Examining data/tucnak-4.23/src/sdev.h
Examining data/tucnak-4.23/src/pa.h
Examining data/tucnak-4.23/src/terminal.h
Examining data/tucnak-4.23/src/ebw.c
Examining data/tucnak-4.23/src/kst.c
Examining data/tucnak-4.23/src/rtlsdr.c
Examining data/tucnak-4.23/src/ppdev.h
Examining data/tucnak-4.23/src/mingw.c
Examining data/tucnak-4.23/src/inputln.h
Examining data/tucnak-4.23/src/ac.c
Examining data/tucnak-4.23/src/wizz.h
Examining data/tucnak-4.23/src/adif.c
Examining data/tucnak-4.23/src/language2.h
Examining data/tucnak-4.23/src/state.h
Examining data/tucnak-4.23/src/titlpage.c
Examining data/tucnak-4.23/src/bfu.h
Examining data/tucnak-4.23/src/qsodb.c
Examining data/tucnak-4.23/src/sndpipe.h
Examining data/tucnak-4.23/src/rain.c
Examining data/tucnak-4.23/src/settings.c
Examining data/tucnak-4.23/src/charsets.c
Examining data/tucnak-4.23/src/cwdb.c
Examining data/tucnak-4.23/src/stats.c
Examining data/tucnak-4.23/src/ttys.h
Examining data/tucnak-4.23/src/main.c
Examining data/tucnak-4.23/src/inputln.c
Examining data/tucnak-4.23/src/rtlsdr.h
Examining data/tucnak-4.23/src/kbd.h
Examining data/tucnak-4.23/src/slovhfnet.h
Examining data/tucnak-4.23/src/session.c
Examining data/tucnak-4.23/src/net.h
Examining data/tucnak-4.23/src/ttys.c
Examining data/tucnak-4.23/src/rc.h
Examining data/tucnak-4.23/src/map2d.c
Examining data/tucnak-4.23/src/voip.c
Examining data/tucnak-4.23/src/dxc.h
Examining data/tucnak-4.23/src/sked.c
Examining data/tucnak-4.23/src/hf.h
Examining data/tucnak-4.23/src/session.h
Examining data/tucnak-4.23/src/scope.h
Examining data/tucnak-4.23/src/davac4.h
Examining data/tucnak-4.23/src/wiki.c
Examining data/tucnak-4.23/src/inpout.c
Examining data/tucnak-4.23/src/charsets.h
Examining data/tucnak-4.23/src/edi.c
Examining data/tucnak-4.23/src/adif.h
Examining data/tucnak-4.23/src/oss.c
Examining data/tucnak-4.23/src/sdev.c
Examining data/tucnak-4.23/src/qrvdb.h
Examining data/tucnak-4.23/src/ssbd.c
Examining data/tucnak-4.23/src/update.c
Examining data/tucnak-4.23/src/httpd.h
Examining data/tucnak-4.23/src/cwwindow.c
Examining data/tucnak-4.23/src/sked.h
Examining data/tucnak-4.23/src/codepage.h
Examining data/tucnak-4.23/src/stats.h
Examining data/tucnak-4.23/src/zosk.h
Examining data/tucnak-4.23/src/alsa.h
Examining data/tucnak-4.23/src/qsodb.h
Examining data/tucnak-4.23/src/chart.h
Examining data/tucnak-4.23/src/kbd.c
Examining data/tucnak-4.23/src/header.h
Examining data/tucnak-4.23/src/pa.c
Examining data/tucnak-4.23/src/misc.h
Examining data/tucnak-4.23/src/txts.h
Examining data/tucnak-4.23/src/net.c
Examining data/tucnak-4.23/src/menu6.c
Examining data/tucnak-4.23/src/translate.h
Examining data/tucnak-4.23/src/icons.c
Examining data/tucnak-4.23/src/cordata.h
Examining data/tucnak-4.23/src/rain.h
Examining data/tucnak-4.23/src/os_dep.h
Examining data/tucnak-4.23/src/dsp.c
Examining data/tucnak-4.23/src/menu.h
Examining data/tucnak-4.23/src/cwwindow.h
Examining data/tucnak-4.23/src/oss.h
Examining data/tucnak-4.23/src/fifo.h
Examining data/tucnak-4.23/src/dxc.c
Examining data/tucnak-4.23/src/qrvdb.c
Examining data/tucnak-4.23/src/wiki.h
Examining data/tucnak-4.23/src/menu4.c
Examining data/tucnak-4.23/src/inpout.h
Examining data/tucnak-4.23/src/tsdl.c
Examining data/tucnak-4.23/src/excdb.h
Examining data/tucnak-4.23/src/masterdb.c
Examining data/tucnak-4.23/src/dsp.h
Examining data/tucnak-4.23/src/davac4.c
Examining data/tucnak-4.23/src/dwdb.c
Examining data/tucnak-4.23/src/state.c
Examining data/tucnak-4.23/src/hdkeyb.h
Examining data/tucnak-4.23/src/kst.h
Examining data/tucnak-4.23/src/cabrillo.c
Examining data/tucnak-4.23/src/zstring.h
Examining data/tucnak-4.23/src/button.c
Examining data/tucnak-4.23/src/html.h
Examining data/tucnak-4.23/src/list.c
Examining data/tucnak-4.23/src/report.c
Examining data/tucnak-4.23/src/sdr.h
Examining data/tucnak-4.23/src/os_dep.c
Examining data/tucnak-4.23/src/translate.c
Examining data/tucnak-4.23/src/control.h
Examining data/tucnak-4.23/src/rotar.h
Examining data/tucnak-4.23/src/subwin.h
Examining data/tucnak-4.23/src/update.h
Examining data/tucnak-4.23/src/player.c
Examining data/tucnak-4.23/src/menu1.c
Examining data/tucnak-4.23/src/map.h
Examining data/tucnak-4.23/src/uhpd.c
Examining data/tucnak-4.23/src/masterdb.h
Examining data/tucnak-4.23/src/namedb.h
Examining data/tucnak-4.23/src/control.c
Examining data/tucnak-4.23/src/sdrc.h
Examining data/tucnak-4.23/src/wizz.c
Examining data/tucnak-4.23/src/kbdbind.h
Examining data/tucnak-4.23/src/hdkeyb.c
Examining data/tucnak-4.23/src/sdrc.c
Examining data/tucnak-4.23/src/rc.c
Examining data/tucnak-4.23/src/menu.c
Examining data/tucnak-4.23/src/ebw.h
Examining data/tucnak-4.23/src/sndf.c
Examining data/tucnak-4.23/src/subwin.c
Examining data/tucnak-4.23/src/ppdev.c
Examining data/tucnak-4.23/src/winkey.h
Examining data/tucnak-4.23/src/tsdl.h
Examining data/tucnak-4.23/src/menu7.c
Examining data/tucnak-4.23/src/httpd.c
Examining data/tucnak-4.23/src/mingw.h
Examining data/tucnak-4.23/src/sdrd.h
Examining data/tucnak-4.23/src/dwdb.h
Examining data/tucnak-4.23/src/msvc.c
Examining data/tucnak-4.23/src/rotar.c
Examining data/tucnak-4.23/src/error.c
Examining data/tucnak-4.23/src/icons.h
Examining data/tucnak-4.23/src/msvc.h
Examining data/tucnak-4.23/src/button.h
Examining data/tucnak-4.23/src/language.h
Examining data/tucnak-4.23/src/hf.c
Examining data/tucnak-4.23/src/scope.c
Examining data/tucnak-4.23/src/fft.c
Examining data/tucnak-4.23/src/kbdbind.c
Examining data/tucnak-4.23/src/misc.c
Examining data/tucnak-4.23/src/sles.c
Examining data/tucnak-4.23/src/menu5.c
Examining data/tucnak-4.23/src/ntpq.h
Examining data/tucnak-4.23/src/namedb.c
Examining data/tucnak-4.23/src/slovhfnet.c
Examining data/tucnak-4.23/src/cwdaemon.h
Examining data/tucnak-4.23/src/player.h
Examining data/tucnak-4.23/src/fft.h
Examining data/tucnak-4.23/src/voip.h
Examining data/tucnak-4.23/src/html.c
Examining data/tucnak-4.23/src/map.c
Examining data/tucnak-4.23/src/trig.c
Examining data/tucnak-4.23/src/ntpq.c
Examining data/tucnak-4.23/src/edi.h
Examining data/tucnak-4.23/src/tregex.c
Examining data/tucnak-4.23/src/sdr.c
Examining data/tucnak-4.23/src/sndf.h
Examining data/tucnak-4.23/src/ssbd.h
Examining data/tucnak-4.23/src/chart.c
Examining data/tucnak-4.23/src/winkey.c
Examining data/tucnak-4.23/src/main.h
Examining data/tucnak-4.23/src/sndpipe.c
Examining data/tucnak-4.23/src/soundwrapper.c
Examining data/tucnak-4.23/src/menu3.c
Examining data/tucnak-4.23/src/excdb.c
Examining data/tucnak-4.23/src/language.c
FINAL RESULTS:
data/tucnak-4.23/src/update.c:142:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(update_sh_file, 0700);
data/tucnak-4.23/src/bfu.c:1603:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(field, def);
data/tucnak-4.23/src/cwdb.c:190:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%-14s %-6s %08d %s\n", call, cwi->wwl0, cwi->stamp0, qrv_str);
data/tucnak-4.23/src/cwdb.c:197:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%-14s %-6s %08d %s\n", call, cwi->wwl1, cwi->stamp1, qrv_str);
data/tucnak-4.23/src/cwdb.c:266:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s %s %d %s;", call, cwi->wwl0, cwi->stamp0, qrv_str);
data/tucnak-4.23/src/cwdb.c:273:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%4s %s %d %s;", call, cwi->wwl1, cwi->stamp1, qrv_str);
data/tucnak-4.23/src/cwdb.c:731:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c, call);
data/tucnak-4.23/src/cwdb.c:732:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(c, stroke);
data/tucnak-4.23/src/dwdb.c:722:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, raw);
data/tucnak-4.23/src/dwdb.c:724:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s1, s);
data/tucnak-4.23/src/dwdb.c:735:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, s1);
data/tucnak-4.23/src/dwdb.c:1090:25: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (stroke) strcat(s, stroke);
data/tucnak-4.23/src/edi.c:1010:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(logfile, VTEXT(T_LOADING_CTEST_S), date); fprintf(logfile, "\n");
data/tucnak-4.23/src/error.c:336:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c, str);
data/tucnak-4.23/src/error.c:413:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d, c);
data/tucnak-4.23/src/error.c:434:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, m, l);
data/tucnak-4.23/src/excdb.c:292:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, exc);
data/tucnak-4.23/src/hdkeyb.c:267:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%-16s", ss);
data/tucnak-4.23/src/hf.c:269:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, q->qsonrr);
data/tucnak-4.23/src/hf.c:273:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, q->exc);
data/tucnak-4.23/src/hf.c:277:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(t, q->locator);
data/tucnak-4.23/src/html.c:288:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(time, q->time_str);
data/tucnak-4.23/src/kbd.c:453:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(param + 1, path->str);
data/tucnak-4.23/src/kbd.c:454:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(param + 1 + strlen(path->str) + 1, delete1->str);
data/tucnak-4.23/src/kst.c:1479:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, ret == 0 ? " found in search" : " not found in search");
data/tucnak-4.23/src/main.c:751:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%-14s %-6s %08d %s\n", "OK1ZIA", "JN69QR", 20120308, "C");
data/tucnak-4.23/src/main.c:920:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, " abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:921:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, " abc"); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:922:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, "abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:923:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, " abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:924:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, " abc"); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:925:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, "abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:926:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, "abc"); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:927:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, " "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:928:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, " "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:929:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, ""); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/map.c:1337:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,qso->time_str);
data/tucnak-4.23/src/map.c:1566:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, file);
data/tucnak-4.23/src/map2d.c:17:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s.map", argv[1]);
data/tucnak-4.23/src/map2d.c:23:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "%s.d", argv[1]);
data/tucnak-4.23/src/menu.c:493:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_GUI_LD), mem_amount);
data/tucnak-4.23/src/menu.c:494:37: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (last_mem_amount != -1) p += sprintf(p, ", %s %ld, %s %ld", VTEXT(T_LAST), last_mem_amount, VTEXT(T_DIFFERENCE), mem_amount - last_mem_amount);
data/tucnak-4.23/src/menu.c:497:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_CWI), get_cw_size(cw), get_wc_size(cw), cw->latest);
data/tucnak-4.23/src/menu.c:498:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_EXC), excdb->excname, get_exc_size(excdb), get_cxe_size(excdb), excdb->latest);
data/tucnak-4.23/src/menu.c:499:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_VEXC), get_vexc_size(excdb));
data/tucnak-4.23/src/menu.c:500:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_DWI), get_pd_size(dw), get_dw_size(dw), get_wd_size(dw));
data/tucnak-4.23/src/menu.c:501:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_NAMES), get_namedb_size(namedb));
data/tucnak-4.23/src/menu.c:502:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_MASTER), get_masterdb_size(masterdb));
data/tucnak-4.23/src/menu.c:506:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p+=sprintf(p,VTEXT(T_MEMS), 0xf00l);
data/tucnak-4.23/src/menu.c:511:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p+=sprintf(p, " %s=%s ", c2, c3);
data/tucnak-4.23/src/menu.c:527:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_SBRK), act_sbrk-starting_sbrk);
data/tucnak-4.23/src/menu.c:569:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s", VTEXT(T_NMY));
data/tucnak-4.23/src/menu.c:571:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s:%d", inet_ntoa(gnet->my.sin_addr), ntohs(gnet->my.sin_port));
data/tucnak-4.23/src/menu.c:572:37: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (gnet->v3compatibility) p += sprintf(p, "%s", VTEXT(T_V3_COMPATIBILITY));
data/tucnak-4.23/src/menu.c:575:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s", VTEXT(T_NGLOBAL));
data/tucnak-4.23/src/menu.c:577:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s:%d\n", inet_ntoa(gnet->global.sin_addr), ntohs(gnet->global.sin_port));
data/tucnak-4.23/src/menu.c:580:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s %s %s %s:%d %s up %s %s %s\n",
data/tucnak-4.23/src/menu.c:592:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s %s %s %s:%d %s up %s %s %s\n",
data/tucnak-4.23/src/menu.c:603:14: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
p += sprintf(p, VTEXT(T_NSLAVES), 0xf001);
data/tucnak-4.23/src/menu.c:610:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "%s %-6s %s %s up %s %s %s\n",
data/tucnak-4.23/src/menu1.c:863:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_excname, old_excname);
data/tucnak-4.23/src/menu1.c:1215:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(excname, new_excname);
data/tucnak-4.23/src/menu5.c:671:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rig_ptt_t2r_str, rig_ptt_types[rig_ptt_t2r]);
data/tucnak-4.23/src/menu5.c:741:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rig_desc, ""/*VTEXT(T_NEW_RIG)*/);
data/tucnak-4.23/src/menu5.c:911:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rig_ptt_t2r_str, rig_ptt_types[rig_ptt_t2r]);
data/tucnak-4.23/src/ntpq.c:69:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("ntpq", "ntpq", "-pn", NULL);
data/tucnak-4.23/src/os_dep.c:161:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(path);
data/tucnak-4.23/src/os_dep.c:165:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
else return system(path);
data/tucnak-4.23/src/os_dep.c:173:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system(path);
data/tucnak-4.23/src/os_dep.c:950:5: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("soundwrapper", "soundwrappes", "-q", NULL);
data/tucnak-4.23/src/profile.c:17:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (info->file_name, moduleName);
data/tucnak-4.23/src/profile.c:23:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (info->dli_fname, module_name);
data/tucnak-4.23/src/profile.c:27:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (info->dli_sname, module_name);
data/tucnak-4.23/src/qrvdb.c:345:80: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
for (x[0]='A'; x[0]<'Z'; x[0]++) if (qi->bands_qrv & ( 1 << (x[0] - 'A'))) strcat(qrv_str, x);
data/tucnak-4.23/src/qrvdb.c:1490:54: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if (qi->bands_qrv & (1 << (x[0] - 'A'))) strcat(qrv_qrv, x);
data/tucnak-4.23/src/session.c:1212:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s," Tucnak "VERSION_STRING);
data/tucnak-4.23/src/session.c:1300:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%4s: %3d%c%+d%c",ss, rot->qtf, degree, rot->elev, degree);
data/tucnak-4.23/src/session.c:1309:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s,"%4s: %3d%c%+d%c",ss, rot->qtf, degree, rot->elev, degree);
data/tucnak-4.23/src/session.c:1643:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,mode_msg[get_mode()]);
data/tucnak-4.23/src/session.c:2584:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(band->tmpqsos[0].locator, c);
data/tucnak-4.23/src/session.c:2618:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, c);
data/tucnak-4.23/src/sked.c:270:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldpband, pband);
data/tucnak-4.23/src/ssbd.c:497:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errbuf, VTEXT(T_REC_DISABLED));
data/tucnak-4.23/src/ssbd.c:504:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errbuf, VTEXT(T_CONTEST_TOO_OLD));
data/tucnak-4.23/src/stats.c:1376:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, qso->date_str);
data/tucnak-4.23/src/stats.c:1377:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, qso->time_str);
data/tucnak-4.23/src/stats.c:1447:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, qso->date_str);
data/tucnak-4.23/src/stats.c:1448:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, qso->time_str);
data/tucnak-4.23/src/subwin.c:1430:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(call,q->callsign);
data/tucnak-4.23/src/subwin.c:1433:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(call, "ERROR %s", q->callsign);
data/tucnak-4.23/src/terminal.c:401:38: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strlen(term) < MAX_TERM_LEN) strcpy(t->term, term);
data/tucnak-4.23/src/terminal.c:1104:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(param + 1, path);
data/tucnak-4.23/src/terminal.c:1105:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(param + 1 + strlen(path) + 1, delete1);
data/tucnak-4.23/src/terminal.c:1127:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data + 2, path);
data/tucnak-4.23/src/terminal.c:1128:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data + 3 + strlen(path), delete1);
data/tucnak-4.23/src/terminal.c:1146:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(x_data + 1, data);
data/tucnak-4.23/src/translate.c:207:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(translate_oldkey, translate_key);
data/tucnak-4.23/src/trig.c:753:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, VTEXT(T_ERROR_D), (int)error);
data/tucnak-4.23/src/uhpd.c:57:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:%d\r\n", inet_ntoa(sin.sin_addr), (unsigned short)ntohs(sin.sin_port));
data/tucnak-4.23/src/zosk.c:21:31: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define sdlkey(key) case key: strcat(s, #key); break
data/tucnak-4.23/src/zosk.c:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key->text, zosk_sym2text(zosk, key, key->sym));
data/tucnak-4.23/src/zosk.c:74:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key->textFn, zosk_sym2text(zosk, key, key->symFn));
data/tucnak-4.23/src/zosk.c:75:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key->textShift, zosk_sym2text(zosk, key, key->symShift));
data/tucnak-4.23/src/davac4.c:63:98: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (ret==-8) log_addf("Maybe try to run as root: \"adduser %s davac4\" and relogin", getenv("USER"));
data/tucnak-4.23/src/inpout.c:22:18: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
cwda->hInpOut = LoadLibrary("inpout32.dll");
data/tucnak-4.23/src/inpout.c:146:12: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
hInpOut = LoadLibrary("inpout32.dll");
data/tucnak-4.23/src/kbd.c:264:65: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
xwin = is_xterm() * ENV_XWIN + can_twterm() * ENV_TWIN + (!!getenv("STY")) * ENV_SCREEN;
data/tucnak-4.23/src/kbd.c:266:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(ts = getenv("TERM"))) ts = "";
data/tucnak-4.23/src/main.c:286:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
c = getenv("TUCNAK");
data/tucnak-4.23/src/main.c:293:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home_dir = g_strdup(getenv("HOME"));
data/tucnak-4.23/src/main.c:607:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL) + getpid());
data/tucnak-4.23/src/os_dep.c:56:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((v = getenv(env))) return atoi(v);
data/tucnak-4.23/src/os_dep.c:133:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (xt == -1) xt = !!getenv("TWDISPLAY");
data/tucnak-4.23/src/os_dep.c:143:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (xt == -1) xt = !!getenv("DISPLAY");
data/tucnak-4.23/src/os_dep.h:44:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define GETSHELL getenv("SHELL")
data/tucnak-4.23/src/os_dep.h:53:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define GETSHELL getenv("COMSPEC")
data/tucnak-4.23/src/os_dep.h:65:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define GETSHELL getenv("COMSPEC")
data/tucnak-4.23/src/rc.c:2004:13: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt(argc, argv, ":dghikmst?x");
data/tucnak-4.23/src/terminal.c:626:69: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
xwin = is_xterm() * ENV_XWIN + can_twterm() * ENV_TWIN + (!!getenv("STY")) * ENV_SCREEN;
data/tucnak-4.23/src/terminal.c:627:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!(ts = getenv("TERM"))) ts = "";
data/tucnak-4.23/src/tsdl.c:82:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("DISPLAY")!=NULL) opt_g=1;
data/tucnak-4.23/src/update.c:56:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
c = getenv("TMP");
data/tucnak-4.23/src/update.c:57:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!c) c = getenv("TEMP");
data/tucnak-4.23/src/ac.c:153:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->qtf = (atoi(c) - 90) * M_PI / 180.0;
data/tucnak-4.23/src/ac.c:157:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->asl = atoi(c) * 0.3048;
data/tucnak-4.23/src/ac.c:168:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->speed = atoi(c) * 1.852;
data/tucnak-4.23/src/ac.c:189:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->when = (time_t)atol(c);
data/tucnak-4.23/src/ac.c:222:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->qtf = (atoi(c) - 90) * M_PI / 180.0;
data/tucnak-4.23/src/ac.c:225:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->asl = atoi(c) * 0.3048;
data/tucnak-4.23/src/ac.c:230:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->speed = atoi(c) * 1.852;
data/tucnak-4.23/src/ac.c:234:28: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ac->when = (time_t)atol(c);
data/tucnak-4.23/src/ac.c:985:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(acstart, " ");
data/tucnak-4.23/src/ac.c:987:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(acstart, " ");
data/tucnak-4.23/src/ac.c:988:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(acint, " ");
data/tucnak-4.23/src/ac.c:1000:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(acstart, "%02d:%02d:%02d %02dm%02d", utc.tm_hour, utc.tm_min, utc.tm_sec, (int)((diff / 60) % 60), (int)(diff / 60));
data/tucnak-4.23/src/ac.c:1002:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(acstart, "%02dm%02d", (int)((diff / 60) % 60), (int)(diff % 60));
data/tucnak-4.23/src/ac.c:1008:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(acint, "--- %2d", qi->ac_n);
data/tucnak-4.23/src/ac.c:1010:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(acint, "+++ %2d", qi->ac_n);
data/tucnak-4.23/src/ac.c:1012:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(acint, "%3ld %2d", (long)qi->ac_interval, qi->ac_n);
data/tucnak-4.23/src/ac.c:1039:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
aci->wingspan = atoi(wingspan);
data/tucnak-4.23/src/adif.c:25:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
#define ADIF_INT(iname,item) sprintf(s,"%d",item); g_string_append_printf(gs,"<%s:%d>%s ",iname, (int)strlen(s),s)
data/tucnak-4.23/src/adif.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024],dummy[10], *psect;
data/tucnak-4.23/src/adif.c:90:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dummy,"1.00");
data/tucnak-4.23/src/adif.c:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/adif.c:168:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d.%06d",(int)(q->qrg/1000000.0), (int)fmod(q->qrg, 1000000.0));
data/tucnak-4.23/src/adif.c:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/adif.c:203:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wb"); /* must be b for windoze */
data/tucnak-4.23/src/adif.c:263:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*taglen=atoi(items[1]);
data/tucnak-4.23/src/adif.c:324:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qrg=1000*atoi(SAFE_ADIF_ITEM("FREQ"));
data/tucnak-4.23/src/adif.c:369:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->qsonrs=g_strdup_printf("%03d", atoi(SAFE_ADIF_ITEM("STX")));
data/tucnak-4.23/src/adif.c:371:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->qsonrs=g_strdup_printf("%03d", atoi(SAFE_ADIF_ITEM("NO_SENT")));
data/tucnak-4.23/src/adif.c:377:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->qsonrr=g_strdup_printf("%03d", atoi(SAFE_ADIF_ITEM("SRX")));
data/tucnak-4.23/src/adif.c:379:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->qsonrr=g_strdup_printf("%03d", atoi(SAFE_ADIF_ITEM("NO_RCVD")));
data/tucnak-4.23/src/adif.c:414:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/tucnak-4.23/src/adif.c:466:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ctest->qsoused && b->qsos->len+1 != atoi(b->tmpqsos[0].qsonrs)){
data/tucnak-4.23/src/alsa.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcm_name[256], mixer_name[256];
data/tucnak-4.23/src/alsa.c:36:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pcm_name, "hw:%d,%d", card, pcm_device);
data/tucnak-4.23/src/alsa.c:75:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mixer_name, "hw:%d", card);
data/tucnak-4.23/src/alsa.c:130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[256];
data/tucnak-4.23/src/alsa.c:140:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dev,"hw:%d", card);
data/tucnak-4.23/src/bfu.c:510:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mii + n + 1, mii + n, sizeof(struct menu_item));
data/tucnak-4.23/src/bfu.c:641:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(di->cdata, s, l);
data/tucnak-4.23/src/bfu.c:737:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(di->cdata, di->item->data, di->item->dlen);
data/tucnak-4.23/src/bfu.c:1022:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dlg->dlg->items[i].data, dlg->items[i].cdata, dlg->dlg->items[i].dlen);
data/tucnak-4.23/src/bfu.c:1559:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_file[MAX_STR_LEN];
data/tucnak-4.23/src/bfu.c:1601:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(field, def, l - 1);
data/tucnak-4.23/src/bfu.c:1742:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[1026];
data/tucnak-4.23/src/bfu.h:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[1];
data/tucnak-4.23/src/cabrillo.c:26:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, l);
data/tucnak-4.23/src/cabrillo.c:36:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + len - l, src, l);
data/tucnak-4.23/src/cabrillo.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/cabrillo.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/tucnak-4.23/src/cabrillo.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[256];
data/tucnak-4.23/src/cabrillo.c:89:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p = atoi(band->spowe);
data/tucnak-4.23/src/cabrillo.c:116:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wb"); /* must be b for windoze */
data/tucnak-4.23/src/charsets.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[256] = {
data/tucnak-4.23/src/charsets.c:127:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf_buffer[7];
data/tucnak-4.23/src/chart.c:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/tucnak-4.23/src/chart.c:186:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%dk", sw->maxv / 1000);
data/tucnak-4.23/src/chart.c:188:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", sw->maxv);
data/tucnak-4.23/src/chart.c:224:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%02d", (i / 60) % 24);
data/tucnak-4.23/src/chart.c:252:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%dk", (i / 1000));
data/tucnak-4.23/src/chart.c:254:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", i);
data/tucnak-4.23/src/chart.c:308:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (i == 0) bt = atoi(q->date_str + 2); // no century
data/tucnak-4.23/src/chart.c:310:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tajm = atoi(q->time_str);
data/tucnak-4.23/src/chart.c:311:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t = (atoi(q->date_str + 2) - bt) * 1440 + (tajm / 100) * 60 + tajm % 100;
data/tucnak-4.23/src/chart.c:467:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/chart.c:533:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[20], *hkey;
data/tucnak-4.23/src/chart.c:539:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (firstdate < 0) firstdate = atoi(items[0]);
data/tucnak-4.23/src/chart.c:544:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tajm = atoi(items[1]);
data/tucnak-4.23/src/chart.c:545:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->time = (atoi(items[0]) - firstdate) * 1440 + (tajm / 100) * 60 + tajm % 100;
data/tucnak-4.23/src/chart.c:546:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->pts = atoi(items[10]);
data/tucnak-4.23/src/chart.c:547:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(key, "qso%d", b->chqsos->len);
data/tucnak-4.23/src/chart.c:589:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (i == 0) bt = atoi(q->date_str + 2);
data/tucnak-4.23/src/chart.c:591:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tajm = atoi(q->time_str);
data/tucnak-4.23/src/chart.c:592:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t = (atoi(q->date_str + 2) - bt) * 1440 + (tajm / 100) * 60 + tajm % 100;
data/tucnak-4.23/src/chart.c:644:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/tucnak-4.23/src/chart.c:671:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[402];
data/tucnak-4.23/src/chart.c:677:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/chart.c:686:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(ztokenize(zs, 1));
data/tucnak-4.23/src/control.c:411:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rt");
data/tucnak-4.23/src/control.c:436:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/cwdaemon.c:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256], *c, ch;
data/tucnak-4.23/src/cwdaemon.c:285:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '\x09': strcpy(s, "\x09"); break;
data/tucnak-4.23/src/cwdaemon.c:288:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'A': strcpy(s, ".-"); break;
data/tucnak-4.23/src/cwdaemon.c:289:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'B': strcpy(s, "-..."); break;
data/tucnak-4.23/src/cwdaemon.c:290:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'C': strcpy(s, "-.-."); break;
data/tucnak-4.23/src/cwdaemon.c:291:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'D': strcpy(s, "-.."); break;
data/tucnak-4.23/src/cwdaemon.c:293:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'F': strcpy(s, "..-."); break;
data/tucnak-4.23/src/cwdaemon.c:294:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'G': strcpy(s, "--."); break;
data/tucnak-4.23/src/cwdaemon.c:295:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'H': strcpy(s, "...."); break;
data/tucnak-4.23/src/cwdaemon.c:296:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'I': strcpy(s, ".."); break;
data/tucnak-4.23/src/cwdaemon.c:297:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'J': strcpy(s, ".---"); break;
data/tucnak-4.23/src/cwdaemon.c:298:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'K': strcpy(s, "-.-"); break;
data/tucnak-4.23/src/cwdaemon.c:299:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'L': strcpy(s, ".-.."); break;
data/tucnak-4.23/src/cwdaemon.c:300:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'M': strcpy(s, "--"); break;
data/tucnak-4.23/src/cwdaemon.c:301:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'N': strcpy(s, "-."); break;
data/tucnak-4.23/src/cwdaemon.c:302:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'O': strcpy(s, "---"); break;
data/tucnak-4.23/src/cwdaemon.c:303:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'P': strcpy(s, ".--."); break;
data/tucnak-4.23/src/cwdaemon.c:304:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'Q': strcpy(s, "--.-"); break;
data/tucnak-4.23/src/cwdaemon.c:305:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'R': strcpy(s, ".-."); break;
data/tucnak-4.23/src/cwdaemon.c:306:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'S': strcpy(s, "..."); break;
data/tucnak-4.23/src/cwdaemon.c:308:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'U': strcpy(s, "..-"); break;
data/tucnak-4.23/src/cwdaemon.c:309:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'V': strcpy(s, "...-"); break;
data/tucnak-4.23/src/cwdaemon.c:310:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'W': strcpy(s, ".--"); break;
data/tucnak-4.23/src/cwdaemon.c:311:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'X': strcpy(s, "-..-"); break;
data/tucnak-4.23/src/cwdaemon.c:312:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'Y': strcpy(s, "-.--"); break;
data/tucnak-4.23/src/cwdaemon.c:313:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 'Z': strcpy(s, "--.."); break;
data/tucnak-4.23/src/cwdaemon.c:314:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '0': strcpy(s, "-----"); break;
data/tucnak-4.23/src/cwdaemon.c:315:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '1': strcpy(s, ".----"); break;
data/tucnak-4.23/src/cwdaemon.c:316:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '2': strcpy(s, "..---"); break;
data/tucnak-4.23/src/cwdaemon.c:317:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '3': strcpy(s, "...--"); break;
data/tucnak-4.23/src/cwdaemon.c:318:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '4': strcpy(s, "....-"); break;
data/tucnak-4.23/src/cwdaemon.c:319:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '5': strcpy(s, "....."); break;
data/tucnak-4.23/src/cwdaemon.c:320:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '6': strcpy(s, "-...."); break;
data/tucnak-4.23/src/cwdaemon.c:321:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '7': strcpy(s, "--..."); break;
data/tucnak-4.23/src/cwdaemon.c:322:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '8': strcpy(s, "---.."); break;
data/tucnak-4.23/src/cwdaemon.c:323:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '9': strcpy(s, "----."); break;
data/tucnak-4.23/src/cwdaemon.c:324:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '?': strcpy(s, "..--.."); break;
data/tucnak-4.23/src/cwdaemon.c:325:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '/': strcpy(s, "-..-."); break;
data/tucnak-4.23/src/cwdaemon.c:326:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case ',': strcpy(s, "--..--"); break;
data/tucnak-4.23/src/cwdaemon.c:327:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '=': strcpy(s, "-...-"); break;
data/tucnak-4.23/src/cwdaemon.c:328:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '@': strcpy(s, ".--.-."); break;
data/tucnak-4.23/src/cwdaemon.c:329:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '-': strcpy(s, "-....-"); break;
data/tucnak-4.23/src/cwdaemon.c:330:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '+': strcpy(s, ".-.-."); break;
data/tucnak-4.23/src/cwdaemon.c:331:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '.': strcpy(s, ".-.-.-"); break;
data/tucnak-4.23/src/cwdaemon.c:332:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case ';': strcpy(s, "-.-.-."); break;
data/tucnak-4.23/src/cwdaemon.c:333:23: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case '!': strcpy(s, ".-..."); break;
data/tucnak-4.23/src/cwdaemon.c:440:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1030];
data/tucnak-4.23/src/cwdaemon.c:841:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/cwdaemon.c:897:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:900:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\033a%d", onoff);
data/tucnak-4.23/src/cwdaemon.c:906:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:909:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\033b%d", onoff);
data/tucnak-4.23/src/cwdaemon.c:915:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:920:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\033h%d", -1);
data/tucnak-4.23/src/cwdaemon.c:926:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:931:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\0332%d", wpm);
data/tucnak-4.23/src/cwdaemon.c:937:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:952:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\0337%d", (48 * weight - 24000) / cwda->speed );
data/tucnak-4.23/src/cwdaemon.c:958:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:963:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\0333%d", tone);
data/tucnak-4.23/src/cwdaemon.c:977:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/cwdaemon.c:982:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\033e%d", bandsw);
data/tucnak-4.23/src/cwdaemon.c:1205:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[20];
data/tucnak-4.23/src/cwdaemon.c:1214:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[20];
data/tucnak-4.23/src/cwdaemon.c:1234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sft_buf[SFT_LEN+1];
data/tucnak-4.23/src/cwdb.c:115:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_cw(cw, call, wwl, atoi(stamp_str), qrv_str); /* qrv can be null */
data/tucnak-4.23/src/cwdb.c:116:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_wc(cw, wwl, call, atoi(stamp_str));
data/tucnak-4.23/src/cwdb.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[102];
data/tucnak-4.23/src/cwdb.c:123:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/cwdb.c:176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4096];
data/tucnak-4.23/src/cwdb.c:214:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt"); /* FIXME swp first */
data/tucnak-4.23/src/cwdb.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[4096];
data/tucnak-4.23/src/cwdb.c:415:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[25], raw2[25];
data/tucnak-4.23/src/cwdb.c:488:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_str[35];
data/tucnak-4.23/src/cwdb.c:490:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char degree[2];
data/tucnak-4.23/src/cwdb.c:494:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(degree, "\xb0");
data/tucnak-4.23/src/cwdb.c:654:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_cw(cw, q->callsign, q->locator, atoi(q->date_str), qrv_str);
data/tucnak-4.23/src/cwdb.c:655:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_wc(cw, q->locator, q->callsign, atoi(q->date_str));
data/tucnak-4.23/src/cwdb.c:726:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[40], *myqth;
data/tucnak-4.23/src/cwdb.c:729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char degree[2];
data/tucnak-4.23/src/cwdb.c:738:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(degree, "\xb0");
data/tucnak-4.23/src/cwwindow.c:259:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/tucnak-4.23/src/davac4.c:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[128], description[128];
data/tucnak-4.23/src/davac4.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial[128];
data/tucnak-4.23/src/davac4.c:247:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eeprom_buf[128];
data/tucnak-4.23/src/dsp.h:115:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct dsp *dsp, int rec);
data/tucnak-4.23/src/dwdb.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwl1[6];
data/tucnak-4.23/src/dwdb.c:215:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/dwdb.c:321:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/dwdb.c:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwl4[6];
data/tucnak-4.23/src/dwdb.c:400:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
waz = atoi(line[1]);
data/tucnak-4.23/src/dwdb.c:402:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
itu = atoi(line[2]);
data/tucnak-4.23/src/dwdb.c:493:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxcc[25];
data/tucnak-4.23/src/dwdb.c:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[25];
data/tucnak-4.23/src/dwdb.c:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxcc[25];
data/tucnak-4.23/src/dwdb.c:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[25];
data/tucnak-4.23/src/dwdb.c:534:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swwl[5];
data/tucnak-4.23/src/dwdb.c:596:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[40];
data/tucnak-4.23/src/dwdb.c:608:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s, "/P");
data/tucnak-4.23/src/dwdb.c:641:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[40],s1[40], raw[40];
data/tucnak-4.23/src/dwdb.c:725:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s, "/P");
data/tucnak-4.23/src/dwdb.c:844:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wt");
data/tucnak-4.23/src/dwdb.c:889:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ss[1024];
data/tucnak-4.23/src/dwdb.c:892:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[30];
data/tucnak-4.23/src/dwdb.c:958:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stroke[10];
data/tucnak-4.23/src/dwdb.c:959:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(stroke, "/%d", i);
data/tucnak-4.23/src/dwdb.c:1007:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxcc[32];
data/tucnak-4.23/src/dwdb.c:1057:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/dwdb.c:1076:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100], *stroke = NULL;
data/tucnak-4.23/src/dxc.c:138:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spotdb->sfi = atoi(c2);
data/tucnak-4.23/src/dxc.c:170:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zulu=atoi(d);
data/tucnak-4.23/src/dxc.c:727:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/tucnak-4.23/src/dxc.c:736:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%1.1f", spot->qrg);
data/tucnak-4.23/src/dxc.c:758:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%1.1f", spot->qrg);
data/tucnak-4.23/src/dxc.c:818:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[100];
data/tucnak-4.23/src/dxc.c:902:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1030], *d, *last, errbuf[100];
data/tucnak-4.23/src/dxc.c:1103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[25];
data/tucnak-4.23/src/dxc.c:1180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[20];//, raw[20];
data/tucnak-4.23/src/dxc.c:1196:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char call[20];
data/tucnak-4.23/src/dxc.c:1197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/dxc.c:1218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[25];
data/tucnak-4.23/src/ebw.c:33:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename, "rb");
data/tucnak-4.23/src/ebw.c:96:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(call, record+callofs, calllen);
data/tucnak-4.23/src/ebw.c:102:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wwl, record+wwlofs, wwllen);
data/tucnak-4.23/src/ebw.c:109:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, record+nameofs, namelen);
data/tucnak-4.23/src/ebw.h:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[20];
data/tucnak-4.23/src/ebw.h:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[11]; /* \0 terminated */
data/tucnak-4.23/src/ebw.h:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[14];
data/tucnak-4.23/src/edi.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/edi.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/edi.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/edi.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/edi.c:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/edi.c:359:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/edi.c:395:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(band->edifile, "wb"); /* must be b for windoze */
data/tucnak-4.23/src/edi.c:501:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wb"); /* must be b for windoze */
data/tucnak-4.23/src/edi.c:749:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/edi.c:767:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->mode = atoi(items[3]);
data/tucnak-4.23/src/edi.c:781:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char century[3];
data/tucnak-4.23/src/edi.c:798:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->stamp = atoi(items[2]);
data/tucnak-4.23/src/edi.c:825:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->ser_id=atoi(items[6]);
data/tucnak-4.23/src/edi.c:959:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ss[1024];
data/tucnak-4.23/src/edi.c:973:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lockfile = fopen(c, "w");
data/tucnak-4.23/src/edi.c:1001:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(c, "at");
data/tucnak-4.23/src/edi.c:1044:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "rt");
data/tucnak-4.23/src/edi.c:1116:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(c, "swp");
data/tucnak-4.23/src/edi.c:1119:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "rt");
data/tucnak-4.23/src/edi.c:1125:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
saveid=atoi(gs->str+3);
data/tucnak-4.23/src/edi.c:1214:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctestdate_int = atoi(ctest->cdate);
data/tucnak-4.23/src/edi.c:1291:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/edi.c:1319:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/edi.c:1334:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/error.c:307:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if ((ah->comment = malloc(l + 1))) memcpy(ah->comment, c, l), ah->comment[l] = 0;
data/tucnak-4.23/src/error.c:429:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("tucnak.sockdbg", "at");
data/tucnak-4.23/src/excdb.c:127:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_exc(excdb, call, exc, atoi(stamp_str));
data/tucnak-4.23/src/excdb.c:128:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_cxe(excdb, exc, call, atoi(stamp_str));
data/tucnak-4.23/src/excdb.c:135:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/excdb.c:171:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/excdb.c:289:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/excdb.c:343:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt"); /* FIXME swp first */
data/tucnak-4.23/src/excdb.c:435:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[20];
data/tucnak-4.23/src/excdb.c:528:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_exc(excdb, q->callsign, q->exc, atoi(q->date_str));
data/tucnak-4.23/src/excdb.c:529:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_cxe(excdb, q->exc, q->callsign, atoi(q->date_str));
data/tucnak-4.23/src/excdb.c:585:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (strcasecmp(s, "QC")==0) { strcpy(s, "PQ"); return; }
data/tucnak-4.23/src/excdb.c:586:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (strcasecmp(s, "MAN")==0) { strcpy(s, "MB"); return; }
data/tucnak-4.23/src/excdb.c:587:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (strcasecmp(s, "ALB")==0) { strcpy(s, "AB"); return; }
data/tucnak-4.23/src/excdb.c:588:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (strcasecmp(s, "ALT")==0) { strcpy(s, "AB"); return; }
data/tucnak-4.23/src/excdb.c:589:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (strcasecmp(s, "YU")==0) { strcpy(s, "YT"); return; }
data/tucnak-4.23/src/fifo.c:255:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/fifo.c:281:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/fifo.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[25];
data/tucnak-4.23/src/hdkeyb.c:148:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qtf = atoi(hdkeyb->qtfstr);
data/tucnak-4.23/src/hdkeyb.c:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[50];
data/tucnak-4.23/src/hdkeyb.c:246:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[50];
data/tucnak-4.23/src/hdkeyb.c:247:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "jedeme %d", i);
data/tucnak-4.23/src/hdkeyb.h:19:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtfstr[4];
data/tucnak-4.23/src/hf.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256], t[256];
data/tucnak-4.23/src/hf.c:213:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d %03d %03d", ntotal / 1000000, (ntotal % 1000000) / 1000, ntotal % 1000);
data/tucnak-4.23/src/hf.c:215:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d %d", ntotal / 1000, ntotal % 1000);
data/tucnak-4.23/src/hf.c:217:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d", ntotal);
data/tucnak-4.23/src/hf.c:283:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, "%d", q->qsop);
data/tucnak-4.23/src/hf.c:291:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t, "(n/a)");
data/tucnak-4.23/src/hf.c:323:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%d km, %d", gses->aqrb, gses->aqtf);
data/tucnak-4.23/src/hf.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/hf.c:486:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dxcc[25];
data/tucnak-4.23/src/html.c:277:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[10];
data/tucnak-4.23/src/html.c:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/html.c:430:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wt");
data/tucnak-4.23/src/httpd.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[100];
data/tucnak-4.23/src/httpd.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1030], *c, lf;
data/tucnak-4.23/src/icons.h:3:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_home32[818];
data/tucnak-4.23/src/icons.h:4:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_key32[1075];
data/tucnak-4.23/src/icons.h:5:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_mast[334];
data/tucnak-4.23/src/icons.h:6:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_norec[3817];
data/tucnak-4.23/src/icons.h:7:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_play[2832];
data/tucnak-4.23/src/icons.h:8:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_record[2703];
data/tucnak-4.23/src/icons.h:9:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_sun[1918];
data/tucnak-4.23/src/icons.h:10:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_tucnak[2036];
data/tucnak-4.23/src/icons.h:11:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_tucnak23[319];
data/tucnak-4.23/src/icons.h:12:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_tucnak64[5343];
data/tucnak-4.23/src/icons.h:13:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_tucnakv[1772];
data/tucnak-4.23/src/icons.h:14:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_tucnakv64[5042];
data/tucnak-4.23/src/icons.h:15:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_xfer32[1709];
data/tucnak-4.23/src/icons.h:16:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_zoomin32[2083];
data/tucnak-4.23/src/icons.h:17:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char icon_zoomout32[1954];
data/tucnak-4.23/src/inputln.c:93:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char callkst[EQSO_LEN];
data/tucnak-4.23/src/inputln.c:259:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/tucnak-4.23/src/inputln.c:394:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sss[2];
data/tucnak-4.23/src/kbd.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kqueue[IN_BUF_SIZE];
data/tucnak-4.23/src/kbd.c:126:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(itrm->ev_queue + itrm->eqlen, data + w, len - w);
data/tucnak-4.23/src/kbd.c:203:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (p) memcpy(p, &t, sizeof(struct termios));
data/tucnak-4.23/src/kbd.c:371:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
x = atoi(text);
data/tucnak-4.23/src/kbd.c:372:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
y = atoi(p);
data/tucnak-4.23/src/kst.c:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kst_time_str[200];
data/tucnak-4.23/src/kst.c:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acstart[30];
data/tucnak-4.23/src/kst.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acint[30];
data/tucnak-4.23/src/kst.c:392:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(kst_time_str, "%2d:%02d", utc.tm_hour, utc.tm_min);
data/tucnak-4.23/src/kst.c:399:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwl4[5];
data/tucnak-4.23/src/kst.c:630:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[100];
data/tucnak-4.23/src/kst.c:717:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1030], *d, *last, errbuf[100];
data/tucnak-4.23/src/kst.c:945:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[25];
data/tucnak-4.23/src/kst.c:1094:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[40], *c;
data/tucnak-4.23/src/kst.c:1156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[20], s[20], *c;
data/tucnak-4.23/src/kst.c:1179:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char call[20], raw[20];
data/tucnak-4.23/src/kst.c:1200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[25];
data/tucnak-4.23/src/kst.c:1526:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/language.c:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummyarray[T__N_TEXTS];
data/tucnak-4.23/src/language.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char **translation_array[N_LANGUAGES][N_CODEPAGES];
data/tucnak-4.23/src/list.c:29:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/tucnak-4.23/src/list.c:90:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ctest->qsoused && b->qsos->len+1 != atoi(b->tmpqsos[0].qsonrs)){
data/tucnak-4.23/src/main.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char pwwlo[MAX_STR_LEN];
data/tucnak-4.23/src/main.c:566:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userbuf[64];
data/tucnak-4.23/src/main.c:750:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256], *c;
data/tucnak-4.23/src/main.c:758:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/tucnak-4.23/src/main.c:879:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/tucnak-4.23/src/main.c:919:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20], t[20];
data/tucnak-4.23/src/main.c:920:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:921:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " abc"); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:922:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:923:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:924:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " abc"); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:925:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "abc "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:926:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "abc"); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:927:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:935:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/tucnak-4.23/src/map.c:1315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/map.c:1382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/tucnak-4.23/src/map.c:1561:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/tucnak-4.23/src/map.c:1565:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "../src/");
data/tucnak-4.23/src/map.c:1568:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(s, "rb");
data/tucnak-4.23/src/map.c:1586:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(s, "rb");
data/tucnak-4.23/src/map2d.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024], *addr, *sym, *c;
data/tucnak-4.23/src/map2d.c:18:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fin = fopen(s, "rt"))){
data/tucnak-4.23/src/map2d.c:24:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fout = fopen(s, "wt"))){
data/tucnak-4.23/src/masterdb.c:139:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/menu.c:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[256];
data/tucnak-4.23/src/menu.c:153:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n1 = c1 ? atoi(c1+1) : 0;
data/tucnak-4.23/src/menu.c:154:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n2 = c2 ? atoi(c2+1) : 0;
data/tucnak-4.23/src/menu.c:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1025], *d;
data/tucnak-4.23/src/menu.c:213:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(c, "rt");
data/tucnak-4.23/src/menu.c:224:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(c, "rt");
data/tucnak-4.23/src/menu.c:445:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rr, r, sizeof(struct refresh));
data/tucnak-4.23/src/menu.c:478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MSG_BUF];
data/tucnak-4.23/src/menu.c:482:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1026], *c1, *c2, *c3;
data/tucnak-4.23/src/menu.c:504:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/proc/self/status", "rt");
data/tucnak-4.23/src/menu.c:551:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MSG_BUF];
data/tucnak-4.23/src/menu.c:556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[LEN];
data/tucnak-4.23/src/menu.c:557:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hms[LEN];
data/tucnak-4.23/src/menu.c:570:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!gnet->v3compatibility) p += sprintf(p, "%d/", cfg->net_masterpriority);
data/tucnak-4.23/src/menu.c:576:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!gnet->v3compatibility) p += sprintf(p, "%d/", gnet->global_priority);
data/tucnak-4.23/src/menu.c:807:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/menu.c:879:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%d", i);
data/tucnak-4.23/src/menu.c:1075:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, file_menu22, sizeof(file_menu22));
data/tucnak-4.23/src/menu.c:1103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, file_menu3 + x, sizeof(file_menu3) - x * sizeof(struct menu_item));
data/tucnak-4.23/src/menu.c:1679:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(text, "rt");
data/tucnak-4.23/src/menu.h:69:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
base->item = atoi(item##_str);
data/tucnak-4.23/src/menu1.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_STR_LEN],pcall[MAX_STR_LEN],pclub[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:33:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwwlo[MAX_STR_LEN],pexch[MAX_STR_LEN],tdate[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsomult_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwltype_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwlbonu_str[MAX_STR_LEN], wwlmult_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exctype_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:43:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char excbonu_str[MAX_STR_LEN], excmult_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:45:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char excname[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:47:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefmult_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxcbonu_str[MAX_STR_LEN], dxcmult_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_rst[MAX_STR_LEN],default_rs[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char operator_[EQSO_LEN];
data/tucnak-4.23/src/menu1.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tttype_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_excname[MAX_STR_LEN], old_excname[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opsect[RESP_LEN];
data/tucnak-4.23/src/menu1.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stxeq[RESP_LEN], spowe[RESP_LEN], srxeq[RESP_LEN], sante[RESP_LEN];
data/tucnak-4.23/src/menu1.c:66:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char santh[RESP_LEN], mope1[RESP_LEN], mope2[RESP_LEN];
data/tucnak-4.23/src/menu1.c:67:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remarks[RESP_LEN];
data/tucnak-4.23/src/menu1.c:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ok_section_single[RESP_LEN], ok_section_multi[RESP_LEN];
data/tucnak-4.23/src/menu1.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrg_min_str[RESP_LEN], qrg_max_str[RESP_LEN];
data/tucnak-4.23/src/menu1.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adifband[RESP_LEN], skedqrg[RESP_LEN], band_lo_str[RESP_LEN];
data/tucnak-4.23/src/menu1.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char band_sw_str[RESP_LEN];
data/tucnak-4.23/src/menu1.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwlradius_str[RESP_LEN];
data/tucnak-4.23/src/menu1.c:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psectstr[EQSO_LEN];
data/tucnak-4.23/src/menu1.c:178:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ss[1024];
data/tucnak-4.23/src/menu1.c:474:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[RESP_LEN], rcall[RESP_LEN], radr1[RESP_LEN], radr2[RESP_LEN];
data/tucnak-4.23/src/menu1.c:475:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rpoco[RESP_LEN], rcity[RESP_LEN], rcoun[RESP_LEN];
data/tucnak-4.23/src/menu1.c:476:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rphon[RESP_LEN], rhbbs[RESP_LEN];
data/tucnak-4.23/src/menu1.c:668:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsop_method_str[MAX_STR_LEN],total_method_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:761:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tttype_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:801:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wwltype_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:857:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new_excname, "WAZ");
data/tucnak-4.23/src/menu1.c:860:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(new_excname, "ITU");
data/tucnak-4.23/src/menu1.c:1689:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padr1[MAX_STR_LEN],padr2[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:1691:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxc_host[MAX_STR_LEN], dxc_port_str[EQSO_LEN];
data/tucnak-4.23/src/menu1.c:1692:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxc_user[MAX_STR_LEN], dxc_pass[MAX_STR_LEN];
data/tucnak-4.23/src/menu1.c:1693:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kst_user[MAX_STR_LEN], kst_pass[MAX_STR_LEN], kst_name[MAX_STR_LEN], slovhf_user[MAX_STR_LEN];
data/tucnak-4.23/src/menu2.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode_str[EQSO_LEN];
data/tucnak-4.23/src/menu2.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char callsign[EQSO_LEN], rstr[EQSO_LEN], qsonrr[EQSO_LEN], exc[MAX_EXC_LEN+1], locator[EQSO_LEN];
data/tucnak-4.23/src/menu2.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rsts[EQSO_LEN], qsonrs[EQSO_LEN];
data/tucnak-4.23/src/menu2.c:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char date_str[EQSO_LEN], time_str[EQSO_LEN], operator_[EQSO_LEN], remark[MAX_STR_LEN];
data/tucnak-4.23/src/menu2.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ocallsign[OEQSO_LEN], orstr[OEQSO_LEN], oqsonrr[OEQSO_LEN], oexc[MAX_EXC_LEN+1], olocator[OEQSO_LEN];
data/tucnak-4.23/src/menu2.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char omode_str[OEQSO_LEN], orsts[OEQSO_LEN], oqsonrs[OEQSO_LEN];
data/tucnak-4.23/src/menu2.c:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char odate_str[OEQSO_LEN], otime_str[OEQSO_LEN], ooperator[OEQSO_LEN], oremark[MAX_STR_LEN], oqrg[QRG_LEN];
data/tucnak-4.23/src/menu2.c:75:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oomode_str[OEQSO_LEN], oorstr[OEQSO_LEN], oorsts[OEQSO_LEN];
data/tucnak-4.23/src/menu2.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[30];
data/tucnak-4.23/src/menu2.c:118:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(time_str, "%02d%02d", atoi(h)%24, atoi(m)%60);
data/tucnak-4.23/src/menu2.c:118:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(time_str, "%02d%02d", atoi(h)%24, atoi(m)%60);
data/tucnak-4.23/src/menu2.c:118:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(time_str, "%02d%02d", atoi(h)%24, atoi(m)%60);
data/tucnak-4.23/src/menu2.c:120:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(time_str, "%02d%02d", atoi(time_str)/100, atoi(time_str)%100);
data/tucnak-4.23/src/menu2.c:120:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(time_str, "%02d%02d", atoi(time_str)/100, atoi(time_str)%100);
data/tucnak-4.23/src/menu2.c:120:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(time_str, "%02d%02d", atoi(time_str)/100, atoi(time_str)%100);
data/tucnak-4.23/src/menu2.c:285:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ss[102];
data/tucnak-4.23/src/menu2.c:286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/tucnak-4.23/src/menu2.c:327:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"%0.0f", qso->qrg);
data/tucnak-4.23/src/menu2.c:343:62: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_snprintf(ss,100,VTEXT(T_EDIT_QSO_CD), aband->bandchar, atoi(qso->qsonrs));
data/tucnak-4.23/src/menu3.c:114:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qso_mark_as_error(aband, atoi(qso->qsonrs)-1);
data/tucnak-4.23/src/menu3.c:197:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char op[EQSO_LEN];
data/tucnak-4.23/src/menu3.c:352:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qrg[20];
data/tucnak-4.23/src/menu3.c:531:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_floppy_aq_str[AS_LEN], as_floppy_am_str[AS_LEN];
data/tucnak-4.23/src/menu3.c:534:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_floppy_path[MAX_STR_LEN];
data/tucnak-4.23/src/menu3.c:535:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_mount_cmd[MAX_STR_LEN];
data/tucnak-4.23/src/menu3.c:744:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asw_cmd[MAX_STR_LEN];
data/tucnak-4.23/src/menu3.c:745:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asw_respawn_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu3.c:1066:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char remark[40];
data/tucnak-4.23/src/menu4.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *keys[MAX_CQ]={"F5", "F6", "F7", "F8", "F11", "F12"};
data/tucnak-4.23/src/menu4.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cw_str[MAX_STR_LEN], cw_speed_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cw_ts_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:50:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cq->cw_speed = atoi(cw_speed_str);
data/tucnak-4.23/src/menu4.c:52:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cq->cw_ts = atoi(cw_ts_str);
data/tucnak-4.23/src/menu4.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char example[40];
data/tucnak-4.23/src/menu4.c:226:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssb_file[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:228:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssb_ts_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:237:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cq->ssb_ts = atoi(ssb_ts_str);
data/tucnak-4.23/src/menu4.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char example[20];
data/tucnak-4.23/src/menu4.c:387:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwda_device[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:388:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwda_hostname[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:389:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char udp_port_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:390:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:391:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weight_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:392:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minwpm_str[EQSO_LEN], maxwpm_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:394:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leadin_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:395:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tail_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:396:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char autgive_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:403:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_udp_port = atoi(udp_port_str);
data/tucnak-4.23/src/menu4.c:404:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_speed = atoi(speed_str);
data/tucnak-4.23/src/menu4.c:405:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_weight = atoi(weight_str);
data/tucnak-4.23/src/menu4.c:408:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_minwpm = atoi(minwpm_str);
data/tucnak-4.23/src/menu4.c:409:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_maxwpm = atoi(maxwpm_str);
data/tucnak-4.23/src/menu4.c:411:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_leadin = atoi(leadin_str);
data/tucnak-4.23/src/menu4.c:412:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_tail = atoi(tail_str);
data/tucnak-4.23/src/menu4.c:413:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg->cwda_autgive = atoi(autgive_str);
data/tucnak-4.23/src/menu4.c:636:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ssbd_format_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:637:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ssbd_oss_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:638:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ssbd_alsa_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:640:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_pa_play_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:641:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_pa_rec_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:870:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_maxmin_str[EQSO_LEN], ssbd_diskfree_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:872:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_format_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:873:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_channels_str[EQSO_LEN], ssbd_samplerate_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:874:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_plev_str[EQSO_LEN], ssbd_rlev_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:875:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_template[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:877:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_pcm_play[EQSO_LEN], ssbd_pcm_rec[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:878:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_period_time_str[EQSO_LEN]/*, ssbd_buffer_time_str[EQSO_LEN]*/;
data/tucnak-4.23/src/menu4.c:879:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_alsa_mixer[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:880:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_alsa_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:882:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_dsp[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:883:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_maxfrag_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:884:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_mixer[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:885:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_oss_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:887:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssbd_hostname[MAX_STR_LEN],ssbd_udp_port_str[EQSO_LEN];
data/tucnak-4.23/src/menu4.c:1280:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char net_if_ignore[MAX_STR_LEN],net_ip_ignore[MAX_STR_LEN],net_ip_announce[MAX_STR_LEN];
data/tucnak-4.23/src/menu4.c:1283:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char net_remote_host[MAX_STR_LEN], net_remote_port_str[EQSO_LEN], net_remote_pass[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:27:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loglines_str[MAX_STR_LEN],skedcount_str[MAX_STR_LEN],startbandchar_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfx_x_ch_str[MAX_STR_LEN],gfx_y_ch_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gfx_x_px_str[MAX_STR_LEN],gfx_y_px_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:31:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontheight_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slashkey[3];
data/tucnak-4.23/src/menu5.c:42:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (cfg->loglines != atoi(loglines_str)) resize++;
data/tucnak-4.23/src/menu5.c:52:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gfx_x_ch=atoi(gfx_x_ch_str);
data/tucnak-4.23/src/menu5.c:53:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gfx_y_ch=atoi(gfx_y_ch_str);
data/tucnak-4.23/src/menu5.c:54:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gfx_x_px=atoi(gfx_x_px_str);
data/tucnak-4.23/src/menu5.c:55:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gfx_y_px=atoi(gfx_y_px_str);
data/tucnak-4.23/src/menu5.c:74:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_fh = atoi(fontheight_str);
data/tucnak-4.23/src/menu5.c:363:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char qrgstr[256];
data/tucnak-4.23/src/menu5.c:572:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_desc[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:573:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_filename[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:574:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_model_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:576:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_speed_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:579:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_civaddr_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:580:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_ssbcw_shift_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:581:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_lo_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:583:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_poll_ms_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:585:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rig_ptt_t2r_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:588:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_model_name[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:746:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rig_civaddr_str, "0x58");
data/tucnak-4.23/src/menu5.c:749:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rig_poll_ms_str, "10");
data/tucnak-4.23/src/menu5.c:823:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rig_model = atoi(rig_model_str);
data/tucnak-4.23/src/menu5.c:1046:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_desc[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:1048:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_filename[MAX_STR_LEN], rot_hostname[MAX_STR_LEN];
data/tucnak-4.23/src/menu5.c:1049:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_port_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1050:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_vid_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1051:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_pid_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1052:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_serial[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1053:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_timeout_ms_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1054:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_poll_ms_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1055:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_beamwidth_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1056:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_saddr_str[EQSO_LEN], rot_model_str[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1057:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rot_rem_rotstr[EQSO_LEN];
data/tucnak-4.23/src/menu5.c:1106:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_port_str, "10001");
data/tucnak-4.23/src/menu5.c:1107:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_vid_str, "a600");
data/tucnak-4.23/src/menu5.c:1108:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_pid_str, "e112");
data/tucnak-4.23/src/menu5.c:1110:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_timeout_ms_str,"400");
data/tucnak-4.23/src/menu5.c:1111:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_poll_ms_str,"500");
data/tucnak-4.23/src/menu5.c:1112:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_beamwidth_str, "20");
data/tucnak-4.23/src/menu5.c:1113:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rot_saddr_str, "240");
data/tucnak-4.23/src/menu6.c:28:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char httpd_port_str[EQSO_LEN], httpd_refresh_str[EQSO_LEN];
data/tucnak-4.23/src/menu6.c:331:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_url[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:332:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_kfactor_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:333:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_arwidth_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:334:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_minelev_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:335:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_maxelev_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:336:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_mindur_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:337:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_maxdelta_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:338:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ac_minalt_str[DBL_LEN];
data/tucnak-4.23/src/menu6.c:339:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kst_maxqrb_str[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:475:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_speed_str[EQSO_LEN];
data/tucnak-4.23/src/menu6.c:476:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_af_speed_str[EQSO_LEN];
data/tucnak-4.23/src/menu6.c:477:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_block_str[EQSO_LEN];
data/tucnak-4.23/src/menu6.c:478:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_cw_low_str[EQSO_LEN], sdr_cw_high_str[EQSO_LEN], sdr_ssb_low_str[EQSO_LEN], sdr_ssb_high_str[EQSO_LEN];
data/tucnak-4.23/src/menu6.c:481:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_pcm_rec[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:482:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_pcm_play[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:485:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_pa_rec_src[MAX_STR_LEN], sdr_pa_play_src[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:488:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_sndfilename[MAX_STR_LEN], sdr_af_filename[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:490:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_sdr_sndfilename[MAX_STR_LEN], new_sdr_af_filename[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:491:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdr_remoterx[MAX_STR_LEN];
data/tucnak-4.23/src/menu6.c:665:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed = atoi(dlg->items[sdr_samplerate_index].cdata);
data/tucnak-4.23/src/menu6.c:666:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
af_speed = atoi(dlg->items[sdr_af_samplerate_index].cdata);
data/tucnak-4.23/src/msvc.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[100];
data/tucnak-4.23/src/msvc.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exepath[MAX_PATH];
data/tucnak-4.23/src/namedb.c:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[102];
data/tucnak-4.23/src/namedb.c:72:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/namedb.c:138:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/namedb.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawcall[120];
data/tucnak-4.23/src/net.c:450:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gnet->remote->sin, &(addr[i].in), sizeof(struct sockaddr_in));
data/tucnak-4.23/src/net.c:543:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/net.c:579:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer.sin_port = htons(atoi(items[3]));
data/tucnak-4.23/src/net.c:581:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
master.sin_port = htons(atoi(items[5]));
data/tucnak-4.23/src/net.c:582:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
expire = atoi(items[6]);
data/tucnak-4.23/src/net.c:587:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tv.tv_sec = atoi(items[7]);
data/tucnak-4.23/src/net.c:604:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(items[8]) != 0) direct = 1;
data/tucnak-4.23/src/net.c:605:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (items[9] != NULL) masterpriority = atoi(items[9]);
data/tucnak-4.23/src/net.c:807:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1030];
data/tucnak-4.23/src/net.c:810:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/tucnak-4.23/src/net.c:872:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1030];
data/tucnak-4.23/src/net.c:1006:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1026];
data/tucnak-4.23/src/net.c:1121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/tucnak-4.23/src/net.c:1245:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1030];
data/tucnak-4.23/src/net.c:1270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[260], *cc;
data/tucnak-4.23/src/net.c:1304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[256];
data/tucnak-4.23/src/net.c:1389:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1026], ss[260], *cc;
data/tucnak-4.23/src/net.c:1922:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ccmd=(enum ccmd)atoi(items[1]);
data/tucnak-4.23/src/net.c:1955:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(items[2])==WT_OPERATOR){
data/tucnak-4.23/src/net.c:1965:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(items[2])){
data/tucnak-4.23/src/net.c:2037:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->peertx = atoi(items[2]);
data/tucnak-4.23/src/net.c:2118:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (lo != NULL) load_opts = atoi(lo);
data/tucnak-4.23/src/net.c:2501:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rwbands[40], *rwb;
data/tucnak-4.23/src/net.c:2704:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->psect = atoi(c);
data/tucnak-4.23/src/net.c:2763:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rot_seek(rot, atoi(qtf));
data/tucnak-4.23/src/net.c:2793:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bs[26+1];
data/tucnak-4.23/src/net.c:2920:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dummyq.stamp = atoi(rem_latest_str);
data/tucnak-4.23/src/net.c:2979:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawcall[20];
data/tucnak-4.23/src/net.c:2986:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mode=atoi(items[4]); rsts=items[5]; qsonrs=items[6]; rstr=items[7];
data/tucnak-4.23/src/net.c:2988:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
operator_=items[12]; stamp=atoi(items[13]); callsign=items[14];
data/tucnak-4.23/src/net.c:2989:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ser_id=atoi(items[16]);
data/tucnak-4.23/src/net.c:3020:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qsonr = atoi(qsonrs);
data/tucnak-4.23/src/net.c:3034:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last_qsonr = atoi(lastqso->qsonrs);
data/tucnak-4.23/src/net.c:3068:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawcall2[20];
data/tucnak-4.23/src/net.c:3210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrvbands[50];
data/tucnak-4.23/src/net.c:3264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rwbands[40];
data/tucnak-4.23/src/net.c:3312:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrvbands[50];
data/tucnak-4.23/src/net.c:3379:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ctest->qsoused && b->qsos->len+1 != atoi(b->tmpqsos[0].qsonrs)){
data/tucnak-4.23/src/net.c:3433:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[100];
data/tucnak-4.23/src/net.c:3442:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%4d", (int)interval);
data/tucnak-4.23/src/ntpq.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ntpq.c:66:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open("/dev/null", O_RDONLY);
data/tucnak-4.23/src/ntpq.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1030];
data/tucnak-4.23/src/os_dep.c:56:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((v = getenv(env))) return atoi(v);
data/tucnak-4.23/src/os_dep.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/tucnak-4.23/src/os_dep.c:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->data, ptr, l);
data/tucnak-4.23/src/os_dep.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/tucnak-4.23/src/os_dep.c:329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[sizeof(struct event)];
data/tucnak-4.23/src/os_dep.c:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/tucnak-4.23/src/os_dep.c:528:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts->data, ptr, l);
data/tucnak-4.23/src/os_dep.c:554:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->data, ptr, l);
data/tucnak-4.23/src/os_dep.c:849:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename="/proc/mounts","r");
data/tucnak-4.23/src/os_dep.c:850:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f) f=fopen(filename="/etc/mtab", "r");
data/tucnak-4.23/src/os_dep.c:890:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename="/proc/mounts","r");
data/tucnak-4.23/src/os_dep.c:891:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f) f=fopen(filename="/etc/mtab", "r");
data/tucnak-4.23/src/os_dep.c:967:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[1030];
data/tucnak-4.23/src/os_dep.c:994:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errstr[1030];
data/tucnak-4.23/src/oss.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/oss.c:52:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dsp->fd = open (dsp->oss_filename, rec?O_RDONLY:O_WRONLY, 0);
data/tucnak-4.23/src/oss.c:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/oss.c:225:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(dsp->oss_mixer, O_RDWR, 0);
data/tucnak-4.23/src/oss.c:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/oss.c:258:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(dsp->oss_mixer, O_RDWR, 0);
data/tucnak-4.23/src/oss.c:291:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/oss.c:299:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(dsp->oss_mixer, O_RDWR, 0);
data/tucnak-4.23/src/oss.c:324:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[16];
data/tucnak-4.23/src/ppdev.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ppdev.c:36:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cwda->fd = open(cfg->cwda_device, O_RDWR|O_NONBLOCK);
data/tucnak-4.23/src/ppdev.c:43:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
devno=atoi(cfg->cwda_device+len);
data/tucnak-4.23/src/ppdev.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ppdev.c:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ppdev.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ppdev.c:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ppdev.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/ppdev.c:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/tucnak-4.23/src/ppdev.c:209:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "/dev/parport%d", port);
data/tucnak-4.23/src/ppdev.c:210:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(s, O_RDWR|O_NONBLOCK);
data/tucnak-4.23/src/profile.c:7:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char moduleName[MAX_PATH];
data/tucnak-4.23/src/qrvdb.c:255:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wkd[*c - 'A'] = atoi(c+1);
data/tucnak-4.23/src/qrvdb.c:263:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (str) kst_time = atoi(zs->str);
data/tucnak-4.23/src/qrvdb.c:313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[202];
data/tucnak-4.23/src/qrvdb.c:317:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/qrvdb.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_str[32], wkd_str[32*30], kst_str[20];
data/tucnak-4.23/src/qrvdb.c:340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[2], d;
data/tucnak-4.23/src/qrvdb.c:352:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wkd_str+strlen(wkd_str), "%c%d", d, qi->wkd[d - 'A']);
data/tucnak-4.23/src/qrvdb.c:355:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(kst_str, "%d", (int)qi->kst_time);
data/tucnak-4.23/src/qrvdb.c:365:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/qrvdb.c:841:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[25];
data/tucnak-4.23/src/qrvdb.c:1052:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kst_time_str[200];
data/tucnak-4.23/src/qrvdb.c:1053:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrb_str[400];
data/tucnak-4.23/src/qrvdb.c:1054:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtf_str[20];
data/tucnak-4.23/src/qrvdb.c:1055:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acstart[30];
data/tucnak-4.23/src/qrvdb.c:1056:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char acint[30];
data/tucnak-4.23/src/qrvdb.c:1068:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (qi->qrb >= 0) sprintf(qrb_str, "%5.0fkm", qi->qrb);
data/tucnak-4.23/src/qrvdb.c:1071:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (qi->qtf >= 0) sprintf(qtf_str, "%3d%c", qi->qtf, degree);
data/tucnak-4.23/src/qrvdb.c:1076:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(kst_time_str, "%2d:%02d", utc.tm_hour, utc.tm_min);
data/tucnak-4.23/src/qrvdb.c:1131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, raw[30];
data/tucnak-4.23/src/qrvdb.c:1352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/qrvdb.c:1370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/qrvdb.c:1397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/qrvdb.c:1430:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_call[EQSO_LEN];
data/tucnak-4.23/src/qrvdb.c:1431:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_wwl[EQSO_LEN];
data/tucnak-4.23/src/qrvdb.c:1432:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_qrv[32];
data/tucnak-4.23/src/qrvdb.c:1433:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_wkd[EQSO_LEN];
data/tucnak-4.23/src/qrvdb.c:1434:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrv_text[MAX_STR_LEN];
data/tucnak-4.23/src/qrvdb.c:1438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/qrvdb.c:1466:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
qi->wkd[aband->bi] = atoi(qrv_wkd);
data/tucnak-4.23/src/qrvdb.c:1479:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[2];
data/tucnak-4.23/src/qrvdb.c:1498:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (aband) sprintf(qrv_qrv, "%c", aband->bandchar);
data/tucnak-4.23/src/qrvdb.c:1500:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(qrv_text, "@OP");
data/tucnak-4.23/src/qrvdb.c:1574:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/qrvdb.c:1615:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (firstdate < 0) firstdate = atoi(items[0]);
data/tucnak-4.23/src/qrvdb.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char search[QRVSSIZE];
data/tucnak-4.23/src/qsodb.c:79:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[1024]; /* for msg_box */
data/tucnak-4.23/src/qsodb.c:89:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctestdate_int = atoi(ctest->cdate);
data/tucnak-4.23/src/qsodb.c:119:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctest->lockfile = fopen(c, "wt");
data/tucnak-4.23/src/qsodb.c:138:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(c, "wt");
data/tucnak-4.23/src/qsodb.c:159:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctest->logfile = fopen(c, "at");
data/tucnak-4.23/src/qsodb.c:212:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) ctest->qsoused= atoi(c);
data/tucnak-4.23/src/qsodb.c:252:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[1024]; /* for msg_box */
data/tucnak-4.23/src/qsodb.c:343:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->psect=atoi(ccc);
data/tucnak-4.23/src/qsodb.c:410:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
b->swap = fopen(c,"at");
data/tucnak-4.23/src/qsodb.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[30];
data/tucnak-4.23/src/qsodb.c:657:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[25];
data/tucnak-4.23/src/qsodb.c:683:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[25], qraw[25];
data/tucnak-4.23/src/qsodb.c:725:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (qsonrs != atoi(qso->qsonrs)) continue;
data/tucnak-4.23/src/qsodb.c:773:59: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (b->tmpqsos[0].qsonrs != NULL && b->qsos->len+1 != atoi(b->tmpqsos[0].qsonrs)){
data/tucnak-4.23/src/qsodb.c:1173:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[20], *pd, *line;
data/tucnak-4.23/src/qsodb.c:1208:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char raw[256];
data/tucnak-4.23/src/qsodb.c:1234:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char raw[256];
data/tucnak-4.23/src/qsodb.c:1270:118: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trace(cfg->trace_qsos, " %8s %c%03d %s:%d.%05d (qsop=%d error=%d dupe=%d) %s", q->callsign, q->band->bandchar, atoi(q->qsonrs), q->source, q->ser_id, (int)(q->stamp%100000), q->qsop, q->error, q->dupe, desc);
data/tucnak-4.23/src/qsodb.c:1274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20];
data/tucnak-4.23/src/qsodb.c:1275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/tucnak-4.23/src/qsodb.c:1542:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->qsoused = atoi(ztokenize(zsint, 1));
data/tucnak-4.23/src/qsodb.c:1543:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->qsomult = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1544:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->qsoglob = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1545:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->wwlused = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1546:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->wwlcfm = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1547:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->wwlbonu = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1548:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->wwlmult = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1549:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->excused = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1550:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->exctype = (enum exctype)atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1551:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->excbonu = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1552:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->excmult = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1553:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->exccfm = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1554:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->dxcbonu = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1555:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->dxcmult = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1556:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->rstused = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1557:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->defrstr = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1558:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->qsop_method = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1559:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->total_method = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1560:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->tttype = (enum tttype)atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1561:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->prefmult = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1562:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->prefglob = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1563:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctest->expmode = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1613:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->psect = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1614:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->readonly = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1615:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->qrg_min = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1616:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->qrg_max = atoi(ztokenize(zsint, 0));
data/tucnak-4.23/src/qsodb.c:1618:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (qsomult_str) b->qsomultb = atoi(qsomult_str);
data/tucnak-4.23/src/qsodb.c:1654:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi((*qa)->qsonrs) - atoi((*qb)->qsonrs);
data/tucnak-4.23/src/qsodb.c:1654:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi((*qa)->qsonrs) - atoi((*qb)->qsonrs);
data/tucnak-4.23/src/qsodb.c:1708:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/qsodb.c:1747:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
q->mode = atoi(items[3]);
data/tucnak-4.23/src/qsodb.h:27:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) base->item = atoi(c); \
data/tucnak-4.23/src/qsodb.h:34:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) base->item = (type)atoi(c); \
data/tucnak-4.23/src/qsodb.h:41:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) base->item = atoi(c); \
data/tucnak-4.23/src/qsodb.h:48:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) base->item = (type)atoi(c); \
data/tucnak-4.23/src/rc.c:1200:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
toff->from=atoi(items[0]);
data/tucnak-4.23/src/rc.c:1201:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
toff->to=atoi(items[1]);
data/tucnak-4.23/src/rc.c:1202:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
toff->value=atoi(items[2]);
data/tucnak-4.23/src/rc.c:1308:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"rt");
data/tucnak-4.23/src/rc.c:1559:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[1026];
data/tucnak-4.23/src/rc.c:1917:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wt");
data/tucnak-4.23/src/rc.c:1933:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(portrait_filename, "w");
data/tucnak-4.23/src/rc.c:1941:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(reverse_filename, "w");
data/tucnak-4.23/src/report.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[24];
data/tucnak-4.23/src/report.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/report.c:86:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wt");
data/tucnak-4.23/src/rotar.c:356:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rot->qtf=atoi(qtf);
data/tucnak-4.23/src/rotar.c:394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/tucnak-4.23/src/rotar.c:447:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rot->qtf = atoi(qtf);
data/tucnak-4.23/src/rotar.c:448:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rot->elev = atoi(elev);
data/tucnak-4.23/src/rotar.c:458:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rotar_qtf_str[EQSO_LEN], rotar_elev_str[EQSO_LEN];
data/tucnak-4.23/src/rotar.c:459:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rotar_desc1[MAX_STR_LEN], rotar_desc2[MAX_STR_LEN];
data/tucnak-4.23/src/rotar.c:463:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rot_seek(rotar, atoi(rotar_qtf_str));
data/tucnak-4.23/src/rotar.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rotstr[2];
data/tucnak-4.23/src/rtlsdr.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vendor[256], product[256], serial[256];
data/tucnak-4.23/src/sdev.c:244:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rawdata[550];
data/tucnak-4.23/src/sdev.c:261:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rawdata+rawlen, data, *len); rawlen+=*len;
data/tucnak-4.23/src/sdev.c:317:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, rawdata+i+4, *len);
data/tucnak-4.23/src/sdev.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/tucnak-4.23/src/sdev.h:16:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define SDINIT char sdlen=0;int sdret;char sdbuf[256]
data/tucnak-4.23/src/sdr.c:619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/tucnak-4.23/src/sdr.c:838:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sdr->iqdsp->open(sdr->iqdsp, 1) < 0) {
data/tucnak-4.23/src/sdr.c:843:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sdr->afdsp->open(sdr->afdsp, 0) < 0) {
data/tucnak-4.23/src/sdr.c:858:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (gssbd->dsp->open(gssbd->dsp, 0)){
data/tucnak-4.23/src/sdr.c:1151:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sdr->bal_iq, sdr->iq, sizeof(fftw_complex) * SDR_BAL_N);
data/tucnak-4.23/src/sdrc.c:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/tucnak-4.23/src/sdrc.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin.sin_addr, he->h_addr_list[0], he->h_length);
data/tucnak-4.23/src/sdrc.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1028];
data/tucnak-4.23/src/sdrc.c:151:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + datalen, src, len);
data/tucnak-4.23/src/session.c:1193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtime[6];
data/tucnak-4.23/src/session.c:1194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000], ss[500];
data/tucnak-4.23/src/session.c:1198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exc[MAX_EXC_LEN+1];
data/tucnak-4.23/src/session.c:1211:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/tucnak-4.23/src/session.c:1272:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, " CW%d", gses->last_cq->nr);
data/tucnak-4.23/src/session.c:1274:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "SSB%d", gses->last_cq->nr);
data/tucnak-4.23/src/session.c:1277:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " TX");
data/tucnak-4.23/src/session.c:1279:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, " rx");
data/tucnak-4.23/src/session.c:1282:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "LOCK");
data/tucnak-4.23/src/session.c:1299:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ss, "RotA");
data/tucnak-4.23/src/session.c:1308:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ss, "RotB");
data/tucnak-4.23/src/session.c:1391:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[3];
data/tucnak-4.23/src/session.c:1404:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (sp->peertx==0) strcpy(s, "rx");
data/tucnak-4.23/src/session.c:1405:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (sp->peertx==1) strcpy(s, "tx");
data/tucnak-4.23/src/session.c:1406:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (sp->peertx==2) strcpy(s, "cq");
data/tucnak-4.23/src/session.c:1460:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/session.c:1649:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ss[20], *st;
data/tucnak-4.23/src/session.c:1693:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[2];
data/tucnak-4.23/src/session.c:1739:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/tucnak-4.23/src/session.c:1742:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n=atoi(qsonrr);
data/tucnak-4.23/src/session.c:1754:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20], *c;
data/tucnak-4.23/src/session.c:1758:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_snprintf(s, 18, "%02d", atoi(exc));
data/tucnak-4.23/src/session.c:1773:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[8];
data/tucnak-4.23/src/session.c:1806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20],raw1[20];
data/tucnak-4.23/src/session.c:1860:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(raw,"/P");
data/tucnak-4.23/src/session.c:1966:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[20], *name;
data/tucnak-4.23/src/session.c:2146:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
khz = atoi(c2);
data/tucnak-4.23/src/session.c:2162:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
khz = atoi(c2);
data/tucnak-4.23/src/session.c:2444:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(c2)>=24) { add_unres(band, c); continue;}
data/tucnak-4.23/src/session.c:2445:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c4=g_strdup_printf("%02d%02d",atoi(c2),atoi(c3));
data/tucnak-4.23/src/session.c:2445:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c4=g_strdup_printf("%02d%02d",atoi(c2),atoi(c3));
data/tucnak-4.23/src/session.c:2457:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c4=g_strdup_printf("%02d%02d",utc.tm_hour, atoi(c2));
data/tucnak-4.23/src/session.c:2470:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(c2);
data/tucnak-4.23/src/session.c:2471:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
month = atoi(c3);
data/tucnak-4.23/src/session.c:2472:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(c4);
data/tucnak-4.23/src/session.c:2492:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[40];
data/tucnak-4.23/src/session.c:2495:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
month = atoi(c2);
data/tucnak-4.23/src/session.c:2496:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(c3);
data/tucnak-4.23/src/session.c:2505:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "%04d%02d%02d", 1900+utc.tm_year, month, day);
data/tucnak-4.23/src/session.c:2617:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/tucnak-4.23/src/session.c:2714:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
khz = atoi(c2);
data/tucnak-4.23/src/session.c:2730:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
khz = atoi(c2);
data/tucnak-4.23/src/session.c:2916:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/tucnak-4.23/src/session.c:2924:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, " %d:%02d:%02d ", utc.tm_hour, utc.tm_min, utc.tm_sec);
data/tucnak-4.23/src/session.c:3032:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename, "rt");
data/tucnak-4.23/src/session.c:3043:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*val = atoi(sval);
data/tucnak-4.23/src/session.c:3071:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/tucnak-4.23/src/sked.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char callsign[EQSO_LEN], locator[EQSO_LEN];
data/tucnak-4.23/src/sked.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char time_str[EQSO_LEN], remark[MAX_STR_LEN];
data/tucnak-4.23/src/sked.c:218:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrg_str[EQSO_LEN];
data/tucnak-4.23/src/sked.c:219:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pband[EQSO_LEN]="Select"; /* TODO VTEXT(T_SELECT) */
data/tucnak-4.23/src/sked.c:220:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldpband[EQSO_LEN]="";
data/tucnak-4.23/src/sked.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10], *c;
data/tucnak-4.23/src/sked.c:232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sked_time_str[32];
data/tucnak-4.23/src/sndf.c:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsp->sfinfo, sfinfo, sizeof(SF_INFO));
data/tucnak-4.23/src/soundwrapper.c:44:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open("/dev/console", O_WRONLY|O_SYNC);
data/tucnak-4.23/src/soundwrapper.c:51:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
freq = atoi(argv[1]);
data/tucnak-4.23/src/ssbd.c:115:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
gchar *tmpfile;
data/tucnak-4.23/src/ssbd.c:136:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (strcmp(tmpfile, ssbd->rfilename)!=0){
data/tucnak-4.23/src/ssbd.c:137:61: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
dbg("renaming '%s' to '%s'\n", ssbd->rfilename, tmpfile);
data/tucnak-4.23/src/ssbd.c:138:37: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
rename(ssbd->rfilename, tmpfile);
data/tucnak-4.23/src/ssbd.c:140:38: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
ssbd->rfilename=g_strdup(tmpfile);
data/tucnak-4.23/src/ssbd.c:143:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
g_free(tmpfile);
data/tucnak-4.23/src/ssbd.c:249:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ssbd->dsp->open(ssbd->dsp, 0)<0) {
data/tucnak-4.23/src/ssbd.c:349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gssbd->scope_buf + gssbd->scope_i, gssbd->buffer, tocopy * sizeof(short));
data/tucnak-4.23/src/ssbd.c:490:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SF_INFO sfinfo; char errbuf[1024];
data/tucnak-4.23/src/ssbd.c:578:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ssbd->dsp->open(ssbd->dsp, 1)<0){
data/tucnak-4.23/src/ssbd.c:695:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gssbd->scope_buf + gssbd->scope_i, gssbd->buffer, tocopy * sizeof(short));
data/tucnak-4.23/src/ssbd.c:801:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vp.buf, ((char *)gssbd->buffer) + i, vp.len);
data/tucnak-4.23/src/ssbd.c:965:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iout, &iin, sizeof(SF_INFO));
data/tucnak-4.23/src/ssbd.c:1067:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
d = atoi(qso->date_str);
data/tucnak-4.23/src/ssbd.c:1068:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t = atoi(qso->time_str);
data/tucnak-4.23/src/state.c:155:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(state_getstr(state, key));
data/tucnak-4.23/src/state.c:175:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ontop = atoi(c);
data/tucnak-4.23/src/state.c:189:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(state_getstr(state, key));
data/tucnak-4.23/src/stats.c:139:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[120];
data/tucnak-4.23/src/stats.c:239:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
date = atoi(q->date_str);
data/tucnak-4.23/src/stats.c:432:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpdxcc[20];
data/tucnak-4.23/src/stats.c:742:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) ia=atoi(c+1);
data/tucnak-4.23/src/stats.c:745:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) ib=atoi(c+1);
data/tucnak-4.23/src/stats.c:997:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/stats.c:1044:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/tucnak-4.23/src/stats.c:1128:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ia=atoi(*ca);
data/tucnak-4.23/src/stats.c:1131:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ib=atoi(*cb);
data/tucnak-4.23/src/stats.c:1154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ps[40], cs[40];
data/tucnak-4.23/src/stats.c:1161:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
h=atoi(hour)+1;
data/tucnak-4.23/src/stats.c:1355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100], hourbefore[100];
data/tucnak-4.23/src/stats.c:1361:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hourbefore, "%4d%02d%02d%02d%02d",1900+utc.tm_year, 1+utc.tm_mon, utc.tm_mday, utc.tm_hour, utc.tm_min);
data/tucnak-4.23/src/stats.c:1418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100], hourbefore[100], tenbefore[100];
data/tucnak-4.23/src/stats.c:1434:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hourbefore, "%4d%02d%02d%02d%02d",1900+utc.tm_year, 1+utc.tm_mon, utc.tm_mday, utc.tm_hour, utc.tm_min);
data/tucnak-4.23/src/stats.c:1438:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tenbefore, "%4d%02d%02d%02d%02d",1900+utc.tm_year, 1+utc.tm_mon, utc.tm_mday, utc.tm_hour, utc.tm_min);
data/tucnak-4.23/src/subwin.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemcp[32];
data/tucnak-4.23/src/subwin.c:123:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/tucnak-4.23/src/subwin.c:124:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "echo -n \"$HOSTNAME $PWD\\$ \"\n");
data/tucnak-4.23/src/subwin.c:129:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(oemcp, "CP%d", GetOEMCP());
data/tucnak-4.23/src/subwin.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/subwin.c:208:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "../src/_SPOTS");
data/tucnak-4.23/src/subwin.c:210:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(s, "rt");
data/tucnak-4.23/src/subwin.c:211:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f) f = fopen("_SPOTS", "rt");
data/tucnak-4.23/src/subwin.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/tucnak-4.23/src/subwin.c:379:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "../src/_KST");
data/tucnak-4.23/src/subwin.c:381:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(s, "rt");
data/tucnak-4.23/src/subwin.c:382:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f) f = fopen("_KST", "rt");
data/tucnak-4.23/src/subwin.c:576:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fill, " ");
data/tucnak-4.23/src/subwin.c:1394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dtime[6];
data/tucnak-4.23/src/subwin.c:1414:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dateband[16];
data/tucnak-4.23/src/subwin.c:1415:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[50];
data/tucnak-4.23/src/subwin.c:1416:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_[10];
data/tucnak-4.23/src/subwin.c:1417:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qsop[15];
data/tucnak-4.23/src/subwin.c:1419:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qtf[15];
data/tucnak-4.23/src/subwin.c:1420:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exc[10];
data/tucnak-4.23/src/subwin.c:1436:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(call, "ERROR");
data/tucnak-4.23/src/subwin.c:1448:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (!q->dupe) sprintf(qsop,"%6d", q->qsop);
data/tucnak-4.23/src/subwin.c:1449:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(qsop, "DUPE");
data/tucnak-4.23/src/subwin.c:1477:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(qtf,"%3d", q->qtf);
data/tucnak-4.23/src/subwin.c:1480:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (sdl) strcat(qtf, "\xb0");
data/tucnak-4.23/src/subwin.c:1486:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dateband, " ", 10);
data/tucnak-4.23/src/subwin.c:1488:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dateband+2, q->band->bandname, Z_MIN(len, 8));
data/tucnak-4.23/src/subwin.c:1492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qrgstr[50];
data/tucnak-4.23/src/subwin.c:1894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/tucnak-4.23/src/subwin.c:1897:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "echo -n \"$HOSTNAME $PWD\\$ \"\n");
data/tucnak-4.23/src/subwin.c:1911:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1030], *d;
data/tucnak-4.23/src/subwin.c:1914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1030], *pbuf, *pbuf2;
data/tucnak-4.23/src/subwin.c:1979:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, call[25];
data/tucnak-4.23/src/subwin.c:2350:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wt");
data/tucnak-4.23/src/terminal.c:400:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, &dumb_term, sizeof(struct term_spec));
data/tucnak-4.23/src/terminal.c:402:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(t->term, term, MAX_TERM_LEN - 1), t->term[MAX_TERM_LEN - 1] = 0;
data/tucnak-4.23/src/terminal.c:735:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame_dumb[49] = " ||||++||++++++--|-+||++--|-+----++++++++ ";
data/tucnak-4.23/src/terminal.c:736:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame_vt100[49] = "aaaxuuukkuxkjjjkmvwtqnttmlvwtqnvvwwmmllnnjla ";
data/tucnak-4.23/src/terminal.c:739:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char frame_vt100_u[48] = {
data/tucnak-4.23/src/terminal.c:748:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame_koi[48] = {
data/tucnak-4.23/src/terminal.c:757:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame_restrict[48] = {
data/tucnak-4.23/src/terminal.c:819:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[4]; \
data/tucnak-4.23/src/terminal.c:891:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(term->last_screen, term->screen, term->x * term->y * sizeof(int));
data/tucnak-4.23/src/terminal.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[MAX_TERM_LEN];
data/tucnak-4.23/src/terminal.h:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[MAX_TERM_LEN];
data/tucnak-4.23/src/titlpage.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/titlpage.c:42:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(SHAREDIR"/titlpage.html", "rt");
data/tucnak-4.23/src/titlpage.c:85:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wt");
data/tucnak-4.23/src/titlpage.c:161:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[100];
data/tucnak-4.23/src/translate.c:21:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char translate_key[MAX_STR_LEN];
data/tucnak-4.23/src/translate.c:22:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char translate_oldkey[MAX_STR_LEN];
data/tucnak-4.23/src/translate.c:23:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char translate_text[MAX_STR_LEN];
data/tucnak-4.23/src/translate.c:73:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(translate_lng_file, "rt");
data/tucnak-4.23/src/translate.c:117:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(translate_c_file, "rt");
data/tucnak-4.23/src/translate.c:241:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(translate_c_file, "wb");
data/tucnak-4.23/src/translate.c:290:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(translate_lng_file, "ab");
data/tucnak-4.23/src/translate.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[256];
data/tucnak-4.23/src/translate.c:316:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dir, "../src/");
data/tucnak-4.23/src/tregex.c:79:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ppc, string+match[i].rm_so, match[i].rm_eo - match[i].rm_so );
data/tucnak-4.23/src/trig.c:149:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rignr = atoi(items[1]);
data/tucnak-4.23/src/trig.c:196:22: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trigs->rit = atol(items[3]);
data/tucnak-4.23/src/trig.c:730:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[20];
data/tucnak-4.23/src/tsdl.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/tucnak-4.23/src/tsdl.c:675:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(term->last_screen, term->screen, term->x * term->y * sizeof(int));
data/tucnak-4.23/src/tsdl.c:750:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iso[10];
data/tucnak-4.23/src/tsdl.c:751:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uni[2];
data/tucnak-4.23/src/tsdl.c:1414:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + 3, c, strlen(c));
data/tucnak-4.23/src/txts.h:3:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_aircrafts[5075];
data/tucnak-4.23/src/txts.h:4:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_cty[65527];
data/tucnak-4.23/src/txts.h:5:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_cty1[17792];
data/tucnak-4.23/src/txts.h:6:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master[65525];
data/tucnak-4.23/src/txts.h:7:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master1[65523];
data/tucnak-4.23/src/txts.h:8:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master2[65528];
data/tucnak-4.23/src/txts.h:9:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master3[65530];
data/tucnak-4.23/src/txts.h:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master4[65520];
data/tucnak-4.23/src/txts.h:11:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master5[65523];
data/tucnak-4.23/src/txts.h:12:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_master6[26674];
data/tucnak-4.23/src/txts.h:13:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_titlpage[8182];
data/tucnak-4.23/src/txts.h:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakcw[8829];
data/tucnak-4.23/src/txts.h:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnaknames[58946];
data/tucnak-4.23/src/txts.h:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakrc[20370];
data/tucnak-4.23/src/txts.h:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakdw[20043];
data/tucnak-4.23/src/txts.h:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakwiz[12355];
data/tucnak-4.23/src/txts.h:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexckac[247];
data/tucnak-4.23/src/txts.h:20:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcdok[4711];
data/tucnak-4.23/src/txts.h:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcagcw[10];
data/tucnak-4.23/src/txts.h:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcokres[725];
data/tucnak-4.23/src/txts.h:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcrsgbdc[429];
data/tucnak-4.23/src/txts.h:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcuba[617];
data/tucnak-4.23/src/txts.h:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcusaca[496];
data/tucnak-4.23/src/txts.h:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcwna[247];
data/tucnak-4.23/src/txts.h:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcwsa[238];
data/tucnak-4.23/src/txts.h:28:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_tucnakvexcrcont[201];
data/tucnak-4.23/src/txts.h:29:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_update_deb[804];
data/tucnak-4.23/src/txts.h:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char txt_update_eee[414];
data/tucnak-4.23/src/uhpd.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/tucnak-4.23/src/update.c:133:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(update_sh_file, "wt");
data/tucnak-4.23/src/update.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ver[1000], *c, *n, *newver;
data/tucnak-4.23/src/update.c:232:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
update_n = atoi(n);
data/tucnak-4.23/src/vhfcontestnet.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxcc[256];
data/tucnak-4.23/src/vhfcontestnet.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4096];
data/tucnak-4.23/src/vhfcontestnet.c:162:82: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
add_to_menu(&mi, g_strdup(d2),"", "", vhfcontestnet_contest, GINT_TO_POINTER(atoi(c2)), 0);
data/tucnak-4.23/src/vhfcontestnet.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4096], *c, *log;
data/tucnak-4.23/src/voip.c:213:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->sin.sin_port = htons(atoi(colon+1));
data/tucnak-4.23/src/voip.c:232:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->sin.sin_port = htons(atoi(colon+1));
data/tucnak-4.23/src/voip.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/tucnak-4.23/src/voip.c:453:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dsp->open(dsp, 0)<0) {
data/tucnak-4.23/src/wiki.c:72:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(ctest->cdate);
data/tucnak-4.23/src/wiki.c:99:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) ia=atoi(c+1);
data/tucnak-4.23/src/wiki.c:102:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (c) ib=atoi(c+1);
data/tucnak-4.23/src/wiki.c:290:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callbuf[20];
data/tucnak-4.23/src/wiki.c:305:4: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(filename,"wt");
data/tucnak-4.23/src/wiki.c:333:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wiki_url[MAX_STR_LEN];
data/tucnak-4.23/src/wiki.c:334:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wiki_user[MAX_STR_LEN];
data/tucnak-4.23/src/wiki.c:335:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wiki_pass[MAX_STR_LEN];
data/tucnak-4.23/src/wiki.c:336:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wiki_page[MAX_STR_LEN];
data/tucnak-4.23/src/winkey.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/tucnak-4.23/src/winkey.c:116:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "\x05%c\x1f\xff", cfg->cwda_minwpm);
data/tucnak-4.23/src/winkey.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/winkey.c:196:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\x18%c", onoff ? '\x01' : '\x00');
data/tucnak-4.23/src/winkey.c:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/winkey.c:226:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\x02%c", wpm);
data/tucnak-4.23/src/winkey.c:232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/winkey.c:237:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,"\x03%c", weight );
data/tucnak-4.23/src/winkey.c:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/winkey.c:246:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s, "\x0b%c", tune ? '\x01' : '\x00');
data/tucnak-4.23/src/winkey.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[16];
data/tucnak-4.23/src/winkey.c:256:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "\x08");
data/tucnak-4.23/src/winkey.c:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024], status;
data/tucnak-4.23/src/wizz.c:19:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wi->name = atoi(item); \
data/tucnak-4.23/src/wizz.c:24:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wi->name = (type)atoi(item); \
data/tucnak-4.23/src/wizz.c:95:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rt");
data/tucnak-4.23/src/wizz.c:147:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wqi->qsomult = atoi(item);
data/tucnak-4.23/src/zosk.c:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char txt[5];
data/tucnak-4.23/src/zosk.c:319:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cc[2];
data/tucnak-4.23/src/zosk.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[5], textFn[5], textShift[5];
data/tucnak-4.23/src/zstring.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zs->str, str, len + 1);
data/tucnak-4.23/src/ac.c:179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) > 0 && c[strlen(c) - 1] == '"') c[strlen(c) - 1] = '\0';
data/tucnak-4.23/src/ac.c:179:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) > 0 && c[strlen(c) - 1] == '"') c[strlen(c) - 1] = '\0';
data/tucnak-4.23/src/ac.c:179:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) > 0 && c[strlen(c) - 1] == '"') c[strlen(c) - 1] = '\0';
data/tucnak-4.23/src/ac.c:181:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ac->icao) > 2 && acs_get_wingspan(acs, ac->icao) == 0) dbg("Unknown ICAO %s\n", ac->icao);
data/tucnak-4.23/src/ac.c:207:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(data);
data/tucnak-4.23/src/ac.c:779:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/tucnak-4.23/src/ac.c:862:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/tucnak-4.23/src/ac.c:944:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!wwl || strlen(wwl) < 6){
data/tucnak-4.23/src/ac.c:1014:31: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ((flags & 1) == 0) strcat(acint, " ");
data/tucnak-4.23/src/adif.c:22:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_STR(iname,item) if (strlen(item)) g_string_append_printf(gs,"<%s:%d>%s ",iname, (int)strlen(item),safe_strncpy0(s,item,1024))
data/tucnak-4.23/src/adif.c:22:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_STR(iname,item) if (strlen(item)) g_string_append_printf(gs,"<%s:%d>%s ",iname, (int)strlen(item),safe_strncpy0(s,item,1024))
data/tucnak-4.23/src/adif.c:23:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_STR_UC(iname,item) if (strlen(item)) g_string_append_printf(gs,"<%s:%d>%s ",iname,(int)strlen(item),z_str_uc(safe_strncpy0(s,item,1024)))
data/tucnak-4.23/src/adif.c:23:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_STR_UC(iname,item) if (strlen(item)) g_string_append_printf(gs,"<%s:%d>%s ",iname,(int)strlen(item),z_str_uc(safe_strncpy0(s,item,1024)))
data/tucnak-4.23/src/adif.c:24:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_DATE(iname,item) if (strlen(item)) g_string_append_printf(gs,"<%s:%d>%s ",iname, (int)strlen(item),safe_strncpy0(s,item,1024))
data/tucnak-4.23/src/adif.c:24:101: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_DATE(iname,item) if (strlen(item)) g_string_append_printf(gs,"<%s:%d>%s ",iname, (int)strlen(item),safe_strncpy0(s,item,1024))
data/tucnak-4.23/src/adif.c:25:104: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define ADIF_INT(iname,item) sprintf(s,"%d",item); g_string_append_printf(gs,"<%s:%d>%s ",iname, (int)strlen(s),s)
data/tucnak-4.23/src/adif.c:157:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (q->rsts && strlen(q->rsts)>=3 && q->rsts[2]=='A'){
data/tucnak-4.23/src/adif.c:159:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
}else if (q->rsts && strlen(q->rsts)==3 && q->rsts[2]=='S'){
data/tucnak-4.23/src/adif.c:161:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
}else if (q->rsts && strlen(q->rsts)==3 && q->rsts[2]=='F'){
data/tucnak-4.23/src/adif.c:169:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_printf(gs,"<%s:%d>%s ", "FREQ", (int)strlen(s),s);
data/tucnak-4.23/src/adif.c:245:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc=fgetc(f))!=EOF){
data/tucnak-4.23/src/adif.c:256:16: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((cc=fgetc(f))!=EOF){
data/tucnak-4.23/src/adif.c:264:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gs->str[strlen(items[0])]='\0';
data/tucnak-4.23/src/adif.c:348:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q->time_str)>4) q->time_str[4]='\0';
data/tucnak-4.23/src/adif.c:417:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc = fgetc(f);
data/tucnak-4.23/src/alsa.c:544:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dsp || !dsp->alsa_mixer || strlen(dsp->alsa_mixer) == 0) return 0;
data/tucnak-4.23/src/alsa.c:564:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(labels->str)>0) g_string_append_c(labels, ';');
data/tucnak-4.23/src/bfu.c:137:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(_(menu->items[my].text)) + strlen(_(menu->items[my].rtext)) + MENU_HOTKEY_SPACE * (_(menu->items[my].rtext)[0] != 0) + 4;
data/tucnak-4.23/src/bfu.c:137:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(_(menu->items[my].text)) + strlen(_(menu->items[my].rtext)) + MENU_HOTKEY_SPACE * (_(menu->items[my].rtext)[0] != 0) + 4;
data/tucnak-4.23/src/bfu.c:143:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = strlen(menu->title) + 4;
data/tucnak-4.23/src/bfu.c:194:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(menu->x + 2, menu->y, strlen(menu->title), menu->title, COLOR_MENU_FRAME);
data/tucnak-4.23/src/bfu.c:195:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_char(menu->x + 2 + strlen(menu->title), menu->y, COLOR_MENU_FRAME | ' ');
data/tucnak-4.23/src/bfu.c:211:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(_(menu->items[p].rtext));
data/tucnak-4.23/src/bfu.c:400:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fill_area(p+strlen(tmptext)+2, 0, 2, 1, co);
data/tucnak-4.23/src/bfu.c:446:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(tmptext) + 4;
data/tucnak-4.23/src/bfu.c:567:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(di->x, di->y, strlen(di->cdata + di->vpos) <= di->l ? strlen(di->cdata + di->vpos) : di->l, di->cdata + di->vpos, COLOR_DIALOG_FIELD_TEXT);
data/tucnak-4.23/src/bfu.c:567:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(di->x, di->y, strlen(di->cdata + di->vpos) <= di->l ? strlen(di->cdata + di->vpos) : di->l, di->cdata + di->vpos, COLOR_DIALOG_FIELD_TEXT);
data/tucnak-4.23/src/bfu.c:569:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else fill_area(di->x, di->y, strlen(di->cdata + di->vpos) <= di->l ? strlen(di->cdata + di->vpos) : di->l, 1, COLOR_DIALOG_FIELD_TEXT | '*');
data/tucnak-4.23/src/bfu.c:569:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else fill_area(di->x, di->y, strlen(di->cdata + di->vpos) <= di->l ? strlen(di->cdata + di->vpos) : di->l, 1, COLOR_DIALOG_FIELD_TEXT | '*');
data/tucnak-4.23/src/bfu.c:579:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(di->x + 2, di->y, strlen(text), text, co);
data/tucnak-4.23/src/bfu.c:580:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(di->x + 2 + strlen(text), di->y, 2, " ]", co);
data/tucnak-4.23/src/bfu.c:640:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(s)) > di->item->dlen) l = di->item->dlen - 1;
data/tucnak-4.23/src/bfu.c:650:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ev->y != di->y || ev->x < di->x || ev->x >= di->x + strlen(_(di->item->text)) + 4) return 0;
data/tucnak-4.23/src/bfu.c:662:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((di->cpos = di->vpos + ev->x - di->x) > strlen(di->cdata)) di->cpos = strlen(di->cdata);
data/tucnak-4.23/src/bfu.c:662:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((di->cpos = di->vpos + ev->x - di->x) > strlen(di->cdata)) di->cpos = strlen(di->cdata);
data/tucnak-4.23/src/bfu.c:708:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(_(dlg->dlg->title));
data/tucnak-4.23/src/bfu.c:768:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
di->cpos = strlen(di->cdata);
data/tucnak-4.23/src/bfu.c:811:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (di->cpos < strlen(di->cdata)) di->cpos++;
data/tucnak-4.23/src/bfu.c:820:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
di->cpos = strlen(di->cdata);
data/tucnak-4.23/src/bfu.c:824:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(di->cdata + di->cpos - 1, di->cdata + di->cpos, strlen(di->cdata) - di->cpos + 1);
data/tucnak-4.23/src/bfu.c:829:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (di->cpos < strlen(di->cdata))
data/tucnak-4.23/src/bfu.c:830:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(di->cdata + di->cpos, di->cdata + di->cpos + 1, strlen(di->cdata) - di->cpos + 1);
data/tucnak-4.23/src/bfu.c:833:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(di->cdata, di->cdata + di->cpos, strlen(di->cdata + di->cpos) + 1);
data/tucnak-4.23/src/bfu.c:852:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(di->cdata , clipboard, di->item->dlen);
data/tucnak-4.23/src/bfu.c:854:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
di->cpos = strlen(di->cdata);
data/tucnak-4.23/src/bfu.c:860:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(di->cdata) < di->item->dlen - 1) {
data/tucnak-4.23/src/bfu.c:861:89: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(di->cdata + di->cpos + 1, di->cdata + di->cpos, strlen(di->cdata) - di->cpos + 1);
data/tucnak-4.23/src/bfu.c:1097:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < n; i++) w += strlen(_((butt++)->item->text)) + 6;
data/tucnak-4.23/src/bfu.c:1105:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int w = strlen(_((butt++)->item->text)) + 4;
data/tucnak-4.23/src/bfu.c:1131:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (butt[i].l = strlen(_(butt[i].item->text)) + 4) + 2;
data/tucnak-4.23/src/bfu.c:1159:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (butt[i].l = strlen(_(butt[i].item->text)) + 4) + 2;
data/tucnak-4.23/src/bfu.c:1220:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->item->type == D_BUTTON ? strlen(_(item->item->text)) + 5 : item->item->dlen + 1;
data/tucnak-4.23/src/bfu.c:1221:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wx += strlen(_(texts[0]));
data/tucnak-4.23/src/bfu.c:1234:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->item->type == D_BUTTON ? strlen(_(item->item->text)) + 5 : item->item->dlen + 1;
data/tucnak-4.23/src/bfu.c:1235:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wx += strlen(_(texts[0]));
data/tucnak-4.23/src/bfu.c:1254:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(_(item->item->text)) + 5 :
data/tucnak-4.23/src/bfu.c:1256:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_(texts[0])[0]) sl = strlen(_(texts[0]));
data/tucnak-4.23/src/bfu.c:1266:110: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(x + nx + 4 * (item->item->type == D_CHECKBOX || item->item->type == D_CHECKBOX3), *y, strlen(_(texts[0])), _(texts[0]), COLOR_DIALOG_TEXT);
data/tucnak-4.23/src/bfu.c:1274:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen=strlen(_(texts[0]));
data/tucnak-4.23/src/bfu.c:1299:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(_(item->item->text)) + 5 :
data/tucnak-4.23/src/bfu.c:1301:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_(texts[0])[0]) sl = strlen(_(texts[0]));
data/tucnak-4.23/src/bfu.c:1311:110: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(x + nx + 4 * (item->item->type == D_CHECKBOX || item->item->type == D_CHECKBOX3), *y, strlen(_(texts[0])), _(texts[0]), COLOR_DIALOG_TEXT);
data/tucnak-4.23/src/bfu.c:1319:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlen=strlen(_(texts[0]));
data/tucnak-4.23/src/bfu.c:1563:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_file)){
data/tucnak-4.23/src/bfu.c:1576:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlg->items[i].cpos = strlen(dlg->items[i].cdata);
data/tucnak-4.23/src/bfu.c:1577:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_file, "");
data/tucnak-4.23/src/bfu.c:1593:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_file, "");
data/tucnak-4.23/src/bfu.c:1600:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(def) + 1 > l)
data/tucnak-4.23/src/bfu.c:1725:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(citem->text);
data/tucnak-4.23/src/bfu.c:1806:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlgd->items[dlgd->ofs+i].item->type == D_BUTTON ? strlen(_(dlgd->items[dlgd->ofs+i].item->text)) + 5 : dlgd->items[dlgd->ofs+i].item->dlen + 1;
data/tucnak-4.23/src/bfu.c:1808:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wx += strlen(_(dlgd->items[dlgd->ofs+i].item->msg));
data/tucnak-4.23/src/bfu.c:1820:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(_(item->item->text)) + 5 :
data/tucnak-4.23/src/bfu.c:1822:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_(item->item->msg)) sl = strlen(_(item->item->msg));
data/tucnak-4.23/src/bfu.c:1841:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(_(item->item->text)) + 5 :
data/tucnak-4.23/src/bfu.c:1843:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_(item->item->msg)) sl = strlen(_(item->item->msg));
data/tucnak-4.23/src/bfu.c:1851:142: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(dlgd->x + DIALOG_LB + nx + 4 * (item->item->type == D_CHECKBOX || item->item->type == D_CHECKBOX3), dlgd->yy, strlen(_(item->item->msg)), _(item->item->msg), COLOR_DIALOG_TEXT);
data/tucnak-4.23/src/bfu.c:1858:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (item->item->msg) stringlen = strlen(_(item->item->msg));
data/tucnak-4.23/src/bfu.c:1928:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = strncmp((char *)de->d_name, complete_file, strlen(complete_file));
data/tucnak-4.23/src/bfu.c:1981:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
di->cpos = strlen(di->cdata);
data/tucnak-4.23/src/bfu.c:1987:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/bfu.c:1987:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/button.c:105:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b->w = zsdl_h2w(font_h) * strlen(b->text);
data/tucnak-4.23/src/cabrillo.c:24:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(src);
data/tucnak-4.23/src/cabrillo.c:34:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(src);
data/tucnak-4.23/src/cabrillo.c:101:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(band->remarks) > 0){
data/tucnak-4.23/src/cabrillo.c:167:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d && ctest->excused && strlen(q->exc) > 0) d = q->exc;
data/tucnak-4.23/src/cabrillo.c:168:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d && ctest->wwlused && strlen(q->locator) > 0) d = q->locator;
data/tucnak-4.23/src/cabrillo.c:169:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d && ctest->qsoused && strlen(q->qsonrr) > 0) d = q->qsonrr;
data/tucnak-4.23/src/cabrillo.c:170:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d && strlen(q->exc) > 0) d = q->exc;
data/tucnak-4.23/src/cabrillo.c:171:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d && strlen(q->locator) > 0) d = q->locator;
data/tucnak-4.23/src/cabrillo.c:172:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d && strlen(q->qsonrr) > 0) d = q->qsonrr;
data/tucnak-4.23/src/cabrillo.c:191:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, "-");
data/tucnak-4.23/src/cabrillo.c:193:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, "-");
data/tucnak-4.23/src/cabrillo.c:206:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(f, "%s ", padr(s, t, strlen(ctest->pexch)));
data/tucnak-4.23/src/charsets.c:324:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(codepages[i].aliases[a]) > ll) {
data/tucnak-4.23/src/charsets.c:325:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(codepages[i].aliases[a]);
data/tucnak-4.23/src/chart.c:122:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) > max) max = strlen(c);
data/tucnak-4.23/src/chart.c:122:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) > max) max = strlen(c);
data/tucnak-4.23/src/chart.c:190:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sw->ch_left = LEFT + strlen(s) * FONT_W;
data/tucnak-4.23/src/chart.c:256:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zsdl_printf(sw->screen, sw->ch_left - 4 - strlen(s) * FONT_W, y - FONT_H / 2, sdl->gr[13], 0, 0, s);
data/tucnak-4.23/src/cwdaemon.c:286:23: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case '^': strcpy(s, "^"); break;
data/tucnak-4.23/src/cwdaemon.c:287:23: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case ' ': strcpy(s, " "); break;
data/tucnak-4.23/src/cwdaemon.c:292:23: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case 'E': strcpy(s, "."); break;
data/tucnak-4.23/src/cwdaemon.c:307:23: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
case 'T': strcpy(s, "-"); break;
data/tucnak-4.23/src/cwdaemon.c:695:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
z_pipe_write(cwda->pipe_write, text, strlen(text));
data/tucnak-4.23/src/cwdaemon.c:888:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, text, strlen(text)+1, 0); /* reset */
data/tucnak-4.23/src/cwdaemon.c:901:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:910:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:921:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:932:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:953:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:964:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:983:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(cwda->sock, s, strlen(s)+1, 0);
data/tucnak-4.23/src/cwdaemon.c:1425:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (d != NULL) c += strlen("$C");
data/tucnak-4.23/src/cwdaemon.c:1566:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ac_txts[i])>max) max = strlen(ac_txts[i]);
data/tucnak-4.23/src/cwdaemon.c:1566:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ac_txts[i])>max) max = strlen(ac_txts[i]);
data/tucnak-4.23/src/cwdb.c:464:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret=strlen(qrv_str)?qrv_str:NULL;
data/tucnak-4.23/src/cwdb.c:497:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(degree, "");
data/tucnak-4.23/src/cwdb.c:551:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str)<2) {
data/tucnak-4.23/src/cwdb.c:652:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q->locator)!=6) continue;
data/tucnak-4.23/src/cwdb.c:741:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(degree, "");
data/tucnak-4.23/src/davac4.c:271:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(serial)>0 && serial[0]!='?')
data/tucnak-4.23/src/dsp.h:118:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(struct dsp *dsp, void *data, int frames);
data/tucnak-4.23/src/dwdb.c:444:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prefs[i])>2 && !isdigit(prefs[i][ strlen(prefs[i])-1])) continue;
data/tucnak-4.23/src/dwdb.c:444:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(prefs[i])>2 && !isdigit(prefs[i][ strlen(prefs[i])-1])) continue;
data/tucnak-4.23/src/dwdb.c:514:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dxcc) == strlen(call)) {
data/tucnak-4.23/src/dwdb.c:514:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dxcc) == strlen(call)) {
data/tucnak-4.23/src/dwdb.c:520:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_erase(call2, 0, strlen(dxcc));
data/tucnak-4.23/src/dwdb.c:733:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s1, "/");
data/tucnak-4.23/src/dwdb.c:736:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)+1]='\0';
data/tucnak-4.23/src/dwdb.c:737:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)]='0'+k;
data/tucnak-4.23/src/dwdb.c:911:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
}else if (strlen(INPUTLN(aband)->cdata) > 0){
data/tucnak-4.23/src/dwdb.c:921:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
}else if (aband && (!TMPQ.callsign || !strlen(TMPQ.callsign))){
data/tucnak-4.23/src/dwdb.c:1063:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>4) s[4]='\0';
data/tucnak-4.23/src/dwdb.c:1098:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1]='\0';
data/tucnak-4.23/src/dwdb.c:1111:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1]='\0';
data/tucnak-4.23/src/dwdb.c:1133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c2 != NULL && strlen(c2) == 1 && isdigit(c2[0]))
data/tucnak-4.23/src/dxc.c:144:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str)<MIN_SPOTLEN) return NULL;
data/tucnak-4.23/src/dxc.c:145:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(str, STR_DX_DE, strlen(STR_DX_DE))!=0) return NULL;
data/tucnak-4.23/src/dxc.c:165:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(callsign)<3) goto x;
data/tucnak-4.23/src/dxc.c:167:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str)>ZULU_OFS){
data/tucnak-4.23/src/dxc.c:179:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str)>TEXT_OFS){
data/tucnak-4.23/src/dxc.c:181:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str)>ZULU_OFS){
data/tucnak-4.23/src/dxc.c:403:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sw->il->cdata) < 1){
data/tucnak-4.23/src/dxc.c:703:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!line || strlen(line) <= sw->ho) continue;
data/tucnak-4.23/src/dxc.c:737:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lll = strlen(s);
data/tucnak-4.23/src/dxc.c:809:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(sw->sock, str, strlen(str), 0);
data/tucnak-4.23/src/dxc.c:974:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qrgstr) > 11) qrgstr[10] = '\0';
data/tucnak-4.23/src/dxc.c:1039:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x < 0 || x >= strlen(s)) return NULL;
data/tucnak-4.23/src/dxc.c:1055:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/tucnak-4.23/src/dxc.c:1183:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 29) return COL_NORM;
data/tucnak-4.23/src/dxc.c:1200:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 9) return 0;
data/tucnak-4.23/src/dxc.c:1276:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) >= 2 && str[0] == 'D' && str[1] == 'X'){
data/tucnak-4.23/src/ebw.c:113:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wwl && strlen(wwl)==6){
data/tucnak-4.23/src/ebw.c:121:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (namedb && name && strlen(name)>=2){
data/tucnak-4.23/src/edi.c:40:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (q->date_str && strlen(q->date_str)>2){
data/tucnak-4.23/src/edi.c:430:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!cfg->as_floppy_path || strlen(cfg->as_floppy_path)==0) return NULL;
data/tucnak-4.23/src/edi.c:758:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[0])>6)
data/tucnak-4.23/src/edi.c:818:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>2 && items[4]) {
data/tucnak-4.23/src/edi.c:1339:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = fprintf(f, "%s", s) != strlen(s);
data/tucnak-4.23/src/error.c:334:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c=debug_mem_alloc(file, line, strlen(str)+1);
data/tucnak-4.23/src/error.c:345:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(str);
data/tucnak-4.23/src/error.c:349:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(c, str, l);
data/tucnak-4.23/src/error.c:402:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len+=strlen(c);
data/tucnak-4.23/src/error.c:414:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
d+=strlen(c);
data/tucnak-4.23/src/fifo.c:108:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(c);
data/tucnak-4.23/src/fifo.c:141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(c);
data/tucnak-4.23/src/fifo.c:174:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(c);
data/tucnak-4.23/src/fifo.c:218:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long len = strlen(data);
data/tucnak-4.23/src/fifo.c:243:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c && strlen(c)>fifo->ho)
data/tucnak-4.23/src/fifo.c:264:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret!=strlen(c)+1) {
data/tucnak-4.23/src/fifo.c:325:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/tucnak-4.23/src/fifo.c:335:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/tucnak-4.23/src/hdkeyb.c:66:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(hdkeyb->qtfstr);
data/tucnak-4.23/src/hdkeyb.c:126:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(hdkeyb->qtfstr);
data/tucnak-4.23/src/hdkeyb.c:152:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(hdkeyb->qtfstr, "");
data/tucnak-4.23/src/hdkeyb.c:179:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hdkeyb->qtfstr) > 0){
data/tucnak-4.23/src/hdkeyb.c:219:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(300000);
data/tucnak-4.23/src/hdkeyb.c:244:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ss, "");
data/tucnak-4.23/src/hdkeyb.c:258:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ss)==0) break;
data/tucnak-4.23/src/hdkeyb.c:259:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss[strlen(ss)-1]='\0';
data/tucnak-4.23/src/hdkeyb.c:262:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ss)==15) break;
data/tucnak-4.23/src/hdkeyb.c:263:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss[strlen(ss)+1]='\0';
data/tucnak-4.23/src/hdkeyb.c:264:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss[strlen(ss)]=a;
data/tucnak-4.23/src/header.h:491:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(s);
data/tucnak-4.23/src/hf.c:139:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(c);
data/tucnak-4.23/src/hf.c:163:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x + strlen(c) > RATEBOUND) {
data/tucnak-4.23/src/hf.c:169:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(c) + 1;
data/tucnak-4.23/src/hf.c:199:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(s);
data/tucnak-4.23/src/hf.c:201:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clip_printf(sw, RATEBOUND+4-strlen(s), i+2, COL_NORM, s);
data/tucnak-4.23/src/hf.c:218:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clip_printf(sw, LASTBOUND - 1 - strlen(s), i+3, COL_NORM, s);
data/tucnak-4.23/src/hf.c:248:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(s);
data/tucnak-4.23/src/hf.c:250:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clip_printf(sw, 4-strlen(s), y, col, s);
data/tucnak-4.23/src/hf.c:266:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(t, "");
data/tucnak-4.23/src/hf.c:268:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, " ");
data/tucnak-4.23/src/hf.c:272:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, " ");
data/tucnak-4.23/src/hf.c:276:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(t, " ");
data/tucnak-4.23/src/hf.c:281:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clip_printf(sw, 33-strlen(s), y, col, s);
data/tucnak-4.23/src/hf.c:285:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clip_printf(sw, 39-strlen(s), y, col, s);
data/tucnak-4.23/src/hf.c:327:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int xx = sw->x + LASTBOUND+2+strlen(s);
data/tucnak-4.23/src/hf.c:333:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clip_printf(sw, LASTBOUND + 2 + strlen(s), 9, COL_NORM, " deg");
data/tucnak-4.23/src/httpd.c:595:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call)){
data/tucnak-4.23/src/httpd.c:628:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
page = conn->request->str + strlen("GET") + 1;
data/tucnak-4.23/src/inputln.c:38:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(il->x, il->y, strlen(il->cdata + il->vpos) <= il->l ? strlen(il->cdata + il->vpos) : il->l, il->cdata + il->vpos, COL_INV);
data/tucnak-4.23/src/inputln.c:38:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(il->x, il->y, strlen(il->cdata + il->vpos) <= il->l ? strlen(il->cdata + il->vpos) : il->l, il->cdata + il->vpos, COL_INV);
data/tucnak-4.23/src/inputln.c:63:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)==0) return;
data/tucnak-4.23/src/inputln.c:83:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(il->cdata,
data/tucnak-4.23/src/inputln.c:86:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:115:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:154:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(il->cdata) < il->dlen - 1) {
data/tucnak-4.23/src/inputln.c:155:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(il->cdata + il->cpos + 1, il->cdata + il->cpos, strlen(il->cdata) - il->cpos + 1);
data/tucnak-4.23/src/inputln.c:168:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (il->cpos < strlen(il->cdata)) il->cpos++;
data/tucnak-4.23/src/inputln.c:180:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:185:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(il->cdata + il->cpos - 1, il->cdata + il->cpos, strlen(il->cdata) - il->cpos + 1);
data/tucnak-4.23/src/inputln.c:202:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (il->cpos < strlen(il->cdata))
data/tucnak-4.23/src/inputln.c:203:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(il->cdata + il->cpos, il->cdata + il->cpos + 1, strlen(il->cdata) - il->cpos + 1);
data/tucnak-4.23/src/inputln.c:216:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(il->cdata, il->cdata + il->cpos, strlen(il->cdata + il->cpos) + 1);
data/tucnak-4.23/src/inputln.c:228:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(callkst, "");
data/tucnak-4.23/src/inputln.c:249:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (il->hist_i==-1 && strlen(il->cdata)>0){
data/tucnak-4.23/src/inputln.c:270:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:282:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (il->hist_i==-1 && strlen(il->cdata)>0){
data/tucnak-4.23/src/inputln.c:289:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(il->cdata,
data/tucnak-4.23/src/inputln.c:293:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(il->cdata, ""); /* FIXME */
data/tucnak-4.23/src/inputln.c:294:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:309:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(il->cdata,
data/tucnak-4.23/src/inputln.c:313:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(il->cdata, ""); /* FIXME */
data/tucnak-4.23/src/inputln.c:314:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:370:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(il->cdata) < il->dlen - 1) {
data/tucnak-4.23/src/inputln.c:371:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(il->cdata + il->cpos + 1, il->cdata + il->cpos, strlen(il->cdata) - il->cpos + 1);
data/tucnak-4.23/src/inputln.c:442:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((il->cpos = il->vpos + ev->x - il->x) > strlen(il->cdata)) il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:442:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((il->cpos = il->vpos + ev->x - il->x) > strlen(il->cdata)) il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:471:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(il->cdata , VTEXT(T__RO_BAND), il->dlen);
data/tucnak-4.23/src/inputln.c:473:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(il->cdata , "", il->dlen);
data/tucnak-4.23/src/inputln.c:482:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/inputln.c:489:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
il->cpos = strlen(il->cdata);
data/tucnak-4.23/src/kbd.c:159:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(h, init_seq, strlen(init_seq));
data/tucnak-4.23/src/kbd.c:161:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(h, init_seq_tw_mouse, strlen(init_seq_tw_mouse));
data/tucnak-4.23/src/kbd.c:163:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(h, init_seq_x_mouse, strlen(init_seq_x_mouse));
data/tucnak-4.23/src/kbd.c:169:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(h, term_seq, strlen(term_seq));
data/tucnak-4.23/src/kbd.c:171:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(h, term_seq_tw_mouse, strlen(term_seq_tw_mouse));
data/tucnak-4.23/src/kbd.c:173:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(h, term_seq_x_mouse, strlen(term_seq_x_mouse));
data/tucnak-4.23/src/kbd.c:451:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(param = g_malloc(strlen(path->str) + strlen(delete1->str) + 3))) goto to_je_ale_hnus;
data/tucnak-4.23/src/kbd.c:451:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(param = g_malloc(strlen(path->str) + strlen(delete1->str) + 3))) goto to_je_ale_hnus;
data/tucnak-4.23/src/kbd.c:454:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(param + 1 + strlen(path->str) + 1, delete1->str);
data/tucnak-4.23/src/kbd.c:456:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((blockh = start_thread((void (*)(void *, int))exec_thread, param, strlen(path->str) + strlen(delete1->str) + 3)) == -1) {
data/tucnak-4.23/src/kbd.c:456:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((blockh = start_thread((void (*)(void *, int))exec_thread, param, strlen(path->str) + strlen(delete1->str) + 3)) == -1) {
data/tucnak-4.23/src/kbd.c:814:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((r = read(itrm->std_in, itrm->kqueue + itrm->qlen, IN_BUF_SIZE - itrm->qlen)) <= 0) {
data/tucnak-4.23/src/kst.c:56:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sw->il->cdata) < 1){
data/tucnak-4.23/src/kst.c:389:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(kst_time_str, "");
data/tucnak-4.23/src/kst.c:472:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!line || strlen(line) <= sw->ho) continue;
data/tucnak-4.23/src/kst.c:620:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(sw->sock, str, strlen(str), 0);
data/tucnak-4.23/src/kst.c:889:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x < 0 || x >= strlen(s)) return NULL;
data/tucnak-4.23/src/kst.c:904:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/tucnak-4.23/src/kst.c:1018:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aband->skedqrg) > 0){
data/tucnak-4.23/src/kst.c:1100:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call, sw->callunder, 20);
data/tucnak-4.23/src/kst.c:1159:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 9) return COL_NORM;
data/tucnak-4.23/src/kst.c:1183:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 20) return 0;
data/tucnak-4.23/src/kst.c:1342:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send(sw->sock, c, strlen(c), 0);
data/tucnak-4.23/src/kst.c:1474:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qrv->search) > 1){// here's leading /
data/tucnak-4.23/src/main.c:928:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s, " "); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/main.c:929:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s, ""); strcpy(t, s); printf("'%s' '%s'\n", s, trim(t));
data/tucnak-4.23/src/map2d.c:31:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/tucnak-4.23/src/map2d.c:33:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/tucnak-4.23/src/masterdb.c:82:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reslen += strlen(call);
data/tucnak-4.23/src/masterdb.c:110:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call)==0) return;
data/tucnak-4.23/src/menu.c:228:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\n') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/menu.c:228:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\n') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/menu.c:228:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\n') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/menu.c:229:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\r') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/menu.c:229:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\r') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/menu.c:229:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\r') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/menu.c:238:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(d)>50) d[50]='\0';
data/tucnak-4.23/src/menu.c:250:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/menu.c:250:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/menu.c:515:24: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p+=sprintf(p, "\n");
data/tucnak-4.23/src/menu.c:524:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, "\n");
data/tucnak-4.23/src/menu.c:573:10: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
p += sprintf(p, "\n");
data/tucnak-4.23/src/menu.c:1264:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[i])==0) continue;
data/tucnak-4.23/src/menu.c:1267:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[i])>max) max=strlen(items[i]);
data/tucnak-4.23/src/menu.c:1267:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[i])>max) max=strlen(items[i]);
data/tucnak-4.23/src/menu.c:1291:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[i])==0) continue;
data/tucnak-4.23/src/menu.c:1295:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/menu.c:1295:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/menu.c:1364:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[i])==0) continue;
data/tucnak-4.23/src/menu.c:1369:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/menu.c:1369:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>max) max=strlen(c);
data/tucnak-4.23/src/menu.c:1460:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > max) max = strlen(s);
data/tucnak-4.23/src/menu.c:1460:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > max) max = strlen(s);
data/tucnak-4.23/src/menu.c:1526:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > max) max = strlen(s);
data/tucnak-4.23/src/menu.c:1526:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > max) max = strlen(s);
data/tucnak-4.23/src/menu1.c:1217:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlgd->items[excnameidx].cpos = strlen(dlgd->items[excnameidx].cdata);
data/tucnak-4.23/src/menu1.c:1737:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg->pcall)==0 || strlen(cfg->pwwlo)==0){
data/tucnak-4.23/src/menu1.c:1737:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg->pcall)==0 || strlen(cfg->pwwlo)==0){
data/tucnak-4.23/src/menu2.c:105:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=strlen(rsts);
data/tucnak-4.23/src/menu2.c:106:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r=strlen(rstr);
data/tucnak-4.23/src/menu2.c:328:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(s);
data/tucnak-4.23/src/menu3.c:382:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GPOINTER_TO_INT(arg) == 0 && strlen(b->mope1) != 0) continue;
data/tucnak-4.23/src/menu3.c:402:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (gs->len+2+strlen(c) >= 50) gs=gs2;
data/tucnak-4.23/src/menu3.c:1019:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(remark)>10){
data/tucnak-4.23/src/menu3.c:1076:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(remark, "");
data/tucnak-4.23/src/menu4.c:913:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ssbd_alsa_src, "");
data/tucnak-4.23/src/menu4.c:924:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ssbd_oss_src, "");
data/tucnak-4.23/src/menu4.c:978:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cfg->ssbd_alsa_src && strlen(cfg->ssbd_alsa_src)>0){
data/tucnak-4.23/src/menu5.c:143:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gfx_x_ch_str, "");
data/tucnak-4.23/src/menu5.c:144:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gfx_y_ch_str, "");
data/tucnak-4.23/src/menu5.c:153:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gfx_x_ch_str, "");
data/tucnak-4.23/src/menu5.c:154:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(gfx_y_ch_str, "");
data/tucnak-4.23/src/menu5.c:394:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_window_ptr(gses->win, (term->x - strlen(mi->rtext) - 6) / 2, (term->y - 2 - gtrigs->trigs->len) / 2);
data/tucnak-4.23/src/menu5.c:721:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dlg->items[1].cdata) == 0) g_strlcpy(dlg->items[1].cdata, new_model_name, EQSO_LEN);
data/tucnak-4.23/src/menu5.c:742:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rig_filename, "");
data/tucnak-4.23/src/menu5.c:743:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rig_model_str, "1");
data/tucnak-4.23/src/menu5.c:744:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rig_speed_str, "0");
data/tucnak-4.23/src/menu5.c:747:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rig_ssbcw_shift_str, "0");
data/tucnak-4.23/src/menu5.c:748:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rig_lo_str, "0");
data/tucnak-4.23/src/menu5.c:779:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_model_name, "");
data/tucnak-4.23/src/menu5.c:1104:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rot_filename, "");
data/tucnak-4.23/src/menu5.c:1105:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rot_hostname, "");
data/tucnak-4.23/src/menu5.c:1109:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rot_serial, "");
data/tucnak-4.23/src/menu5.c:1114:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rot_model_str, "0");
data/tucnak-4.23/src/menu5.c:1115:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rot_rem_rotstr, "A");
data/tucnak-4.23/src/menu6.c:587:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_sdr_sndfilename)>0 && sdr_sndfilename_index >= 0){
data/tucnak-4.23/src/menu6.c:589:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlg->items[sdr_sndfilename_index].cpos = strlen(new_sdr_sndfilename);
data/tucnak-4.23/src/menu6.c:590:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_sdr_sndfilename, "");
data/tucnak-4.23/src/menu6.c:592:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_sdr_af_filename)>0 && sdr_af_filename_index >= 0){
data/tucnak-4.23/src/menu6.c:594:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlg->items[sdr_af_filename_index].cpos = strlen(new_sdr_af_filename);
data/tucnak-4.23/src/menu6.c:595:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_sdr_af_filename, "");
data/tucnak-4.23/src/menu6.c:741:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_sdr_sndfilename, "");
data/tucnak-4.23/src/menu6.c:742:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_sdr_af_filename, "");
data/tucnak-4.23/src/namedb.c:61:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call)==0 || strlen(name)==0) return;
data/tucnak-4.23/src/namedb.c:61:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call)==0 || strlen(name)==0) return;
data/tucnak-4.23/src/net.c:562:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\n') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/net.c:562:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\n') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/net.c:562:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\n') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/net.c:563:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\r') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/net.c:563:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\r') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/net.c:563:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)>0 && s[strlen(s)-1]=='\r') s[strlen(s)-1]='\0';
data/tucnak-4.23/src/net.c:861:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)>0) rel_read(conn, line);
data/tucnak-4.23/src/net.c:882:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
towrite = strlen(conn->wrbuf->str);
data/tucnak-4.23/src/net.c:977:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendto(gnet->udpsock, gs->str, strlen(gs->str), 0, (struct sockaddr *)asin, socklen);
data/tucnak-4.23/src/net.c:986:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendto(gnet->udpsock, gs->str, strlen(gs->str), 0, gnet->bcast_addr+i, socklen);
data/tucnak-4.23/src/net.c:1262:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
towrite = strlen(conn->wrbuf->str);
data/tucnak-4.23/src/net.c:1273:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(ss);
data/tucnak-4.23/src/net.c:1306:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ss, s, 2);
data/tucnak-4.23/src/net.c:1421:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trace(cfg->trace_recv, "%s: rel_read '%s' (%d)\n", conn->fid, ss, strlen(ss));
data/tucnak-4.23/src/net.c:1430:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:1440:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zmd5_update(&md5, (unsigned char*)hash, strlen(hash));
data/tucnak-4.23/src/net.c:1462:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:1473:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zmd5_update(&md5, (unsigned char *)hash, strlen(hash));
data/tucnak-4.23/src/net.c:1509:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:1520:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1531:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1559:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<3) return;
data/tucnak-4.23/src/net.c:1600:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1624:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1637:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1656:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1696:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1715:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1750:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1763:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[2])==0) goto x_cf;
data/tucnak-4.23/src/net.c:1785:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1819:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1857:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1881:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1911:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:1943:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2024:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2056:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2088:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2181:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2205:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2225:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2245:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2265:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2284:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2307:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2325:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 2) return;
data/tucnak-4.23/src/net.c:2354:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:2372:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:2402:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:2424:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4) return;
data/tucnak-4.23/src/net.c:2482:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2511:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rwbands, "");
data/tucnak-4.23/src/net.c:2546:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2597:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2617:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2654:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2669:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2686:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2742:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2777:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2796:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2845:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line)<4) return;
data/tucnak-4.23/src/net.c:2864:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(items[2])==0) goto x_cf;
data/tucnak-4.23/src/net.c:2958:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>0 && c[strlen(c)-1]=='\n') c[strlen(c)]='\0';
data/tucnak-4.23/src/net.c:2958:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>0 && c[strlen(c)-1]=='\n') c[strlen(c)]='\0';
data/tucnak-4.23/src/net.c:2958:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>0 && c[strlen(c)-1]=='\n') c[strlen(c)]='\0';
data/tucnak-4.23/src/net.c:3267:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rwbands, "");
data/tucnak-4.23/src/net.c:3299:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(talk) < 7) continue;
data/tucnak-4.23/src/net.c:3436:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s,"");
data/tucnak-4.23/src/ntpq.c:89:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret=read(ntpq->rfd, s, 1024);
data/tucnak-4.23/src/os_dep.c:398:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((r = read(oms->p[0], oms->buffer + oms->bufptr, sizeof(struct event) - oms->bufptr)) <= 0) {
data/tucnak-4.23/src/os_dep.h:31:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/tucnak-4.23/src/oss.c:157:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = read(dsp->fd, data, frames * bpf);
data/tucnak-4.23/src/oss.c:207:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i=strlen(s);
data/tucnak-4.23/src/oss.c:223:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!dsp || !dsp->oss_mixer || strlen(dsp->oss_mixer)==0) return 0;
data/tucnak-4.23/src/oss.c:237:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(labels->str)>0) g_string_append_c(labels, ';');
data/tucnak-4.23/src/pa.c:51:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(hai->name);
data/tucnak-4.23/src/pa.c:53:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(di->name);
data/tucnak-4.23/src/ppdev.c:42:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len<strlen(cfg->cwda_device))
data/tucnak-4.23/src/profile.c:16:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->file_name = (char *)(malloc (strlen (moduleName) + 1));
data/tucnak-4.23/src/qrvdb.c:64:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrvdb->search, "");
data/tucnak-4.23/src/qrvdb.c:153:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && strlen(text) > strlen(qi->text)){
data/tucnak-4.23/src/qrvdb.c:153:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text && strlen(text) > strlen(qi->text)){
data/tucnak-4.23/src/qrvdb.c:221:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s)==0) return 0;
data/tucnak-4.23/src/qrvdb.c:344:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv_str, "");
data/tucnak-4.23/src/qrvdb.c:347:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(wkd_str, "");
data/tucnak-4.23/src/qrvdb.c:352:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(wkd_str+strlen(wkd_str), "%c%d", d, qi->wkd[d - 'A']);
data/tucnak-4.23/src/qrvdb.c:395:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(qrv->search) > 1){// here's leading /
data/tucnak-4.23/src/qrvdb.c:661:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv->search, "");
data/tucnak-4.23/src/qrvdb.c:684:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(qrv->search);
data/tucnak-4.23/src/qrvdb.c:710:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(qrv->search);
data/tucnak-4.23/src/qrvdb.c:800:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv->search, "/");
data/tucnak-4.23/src/qrvdb.c:1067:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrb_str, "");
data/tucnak-4.23/src/qrvdb.c:1070:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qtf_str, "");
data/tucnak-4.23/src/qrvdb.c:1073:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(kst_time_str, "");
data/tucnak-4.23/src/qrvdb.c:1088:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c && strlen(c)>sw->ho){
data/tucnak-4.23/src/qrvdb.c:1149:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(qrv->search);
data/tucnak-4.23/src/qrvdb.c:1157:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(c);
data/tucnak-4.23/src/qrvdb.c:1160:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(c);
data/tucnak-4.23/src/qrvdb.c:1163:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(c);
data/tucnak-4.23/src/qrvdb.c:1487:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv_qrv, "");
data/tucnak-4.23/src/qrvdb.c:1495:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv_call, "");
data/tucnak-4.23/src/qrvdb.c:1496:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv_wwl, "");
data/tucnak-4.23/src/qrvdb.c:1497:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv_qrv, "");
data/tucnak-4.23/src/qrvdb.c:1499:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrv_wkd, "");
data/tucnak-4.23/src/qsodb.c:148:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctest->exclen = strlen(ctest->pexch);
data/tucnak-4.23/src/qsodb.c:1037:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q->exc) > ctest->exclen) ctest->exclen = strlen(q->exc);
data/tucnak-4.23/src/qsodb.c:1037:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(q->exc) > ctest->exclen) ctest->exclen = strlen(q->exc);
data/tucnak-4.23/src/qsodb.c:1096:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tucnak-4.23/src/qsodb.c:1149:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tucnak-4.23/src/qsodb.c:1189:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_mem_comment(c, c, strlen(c));
data/tucnak-4.23/src/qsodb.c:1735:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) < 12) continue;
data/tucnak-4.23/src/rc.c:1349:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_scanner_input_text(scanner, text, strlen(text));
data/tucnak-4.23/src/rc.c:1397:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_scanner_input_text(scanner, str, strlen(str));
data/tucnak-4.23/src/rotar.c:79:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(crot->rot_filename) == 0){
data/tucnak-4.23/src/rotar.c:462:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rotar_qtf_str)>0){
data/tucnak-4.23/src/rotar.c:582:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rotar_qtf_str, "");
data/tucnak-4.23/src/rotar.c:583:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rotar_elev_str, "");
data/tucnak-4.23/src/rotar.c:642:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tucnak-4.23/src/rotar.c:676:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tucnak-4.23/src/rtlsdr.c:61:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, serial, strlen(s)) != 0) continue;
data/tucnak-4.23/src/rtlsdr.c:71:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(serial) - strlen(s);
data/tucnak-4.23/src/rtlsdr.c:71:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(serial) - strlen(s);
data/tucnak-4.23/src/rtlsdr.c:74:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, serial+offset, strlen(s)) != 0) continue;
data/tucnak-4.23/src/sdev.c:376:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/tucnak-4.23/src/sdev.c:418:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/tucnak-4.23/src/sdr.c:691:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tw = strlen(s) * zsdl->font_w;
data/tucnak-4.23/src/sdr.c:903:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
frames = sdr->iqdsp->read(sdr->iqdsp, buf, sdr->frames);
data/tucnak-4.23/src/session.c:137:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg->pcall)==0 || strlen(cfg->pwwlo)==0){
data/tucnak-4.23/src/session.c:137:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cfg->pcall)==0 || strlen(cfg->pwwlo)==0){
data/tucnak-4.23/src/session.c:515:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aband->tmpqsos[0].exc)==0) return 0;
data/tucnak-4.23/src/session.c:534:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aband->tmpqsos[0].locator)<4) return 0;
data/tucnak-4.23/src/session.c:536:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aband->tmpqsos[0].locator)!=6) return 0;
data/tucnak-4.23/src/session.c:867:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!TMPQ.callsign || !strlen(TMPQ.callsign)) && aband->qsos->len>0){
data/tucnak-4.23/src/session.c:1214:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(term->x-QSONR_WIDTH-strlen(s)-2,0,-1,s,COL_NORM);
data/tucnak-4.23/src/session.c:1320:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "+");
data/tucnak-4.23/src/session.c:1322:42: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (gtrigs->rit <= -100) strcat(s, "-");
data/tucnak-4.23/src/session.c:1324:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, " ");
data/tucnak-4.23/src/session.c:1328:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(term->x-QSONR_WIDTH-BAND_WIDTH+14-strlen(s),ORIG_Y+4-1,BAND_WIDTH-1, s, COL_NORM | (DOUBLEHT_MASK << 15)); // to redraw also upper line
data/tucnak-4.23/src/session.c:1329:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(term->x-QSONR_WIDTH-BAND_WIDTH+14-strlen(s),ORIG_Y+4,BAND_WIDTH-1, s, COL_NORM | (DOUBLEHB_MASK << 15));
data/tucnak-4.23/src/session.c:1334:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(term->x-QSONR_WIDTH-BAND_WIDTH+14-strlen(s),ORIG_Y+4,BAND_WIDTH-1, s, COL_NORM);
data/tucnak-4.23/src/session.c:1377:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(14-strlen(c),term->y-2-cfg->loglines-spypeers,-1,c,COL_NORM | (DOUBLEHT_MASK << 15));
data/tucnak-4.23/src/session.c:1378:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(14-strlen(c),term->y-1-cfg->loglines-spypeers,-1,c,COL_NORM | (DOUBLEHB_MASK << 15));
data/tucnak-4.23/src/session.c:1383:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(14-strlen(c),term->y-1-cfg->loglines-spypeers,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1403:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s,"");
data/tucnak-4.23/src/session.c:1412:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(36-strlen(c),term->y-cfg->loglines-spypeers+i,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1414:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(40-strlen(c),term->y-cfg->loglines-spypeers+i,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1416:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(45-strlen(c),term->y-cfg->loglines-spypeers+i,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1418:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(49-strlen(c),term->y-cfg->loglines-spypeers+i,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1421:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(50-strlen(exc),term->y-cfg->loglines-spypeers+i,-1,exc,COL_NORM);
data/tucnak-4.23/src/session.c:1438:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(c);
data/tucnak-4.23/src/session.c:1454:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x += strlen(c) + 1;
data/tucnak-4.23/src/session.c:1468:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(17-strlen(dtime),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,dtime,COL_INV);
data/tucnak-4.23/src/session.c:1470:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(36-strlen(q->rsts),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,q->rsts,COL_INV);
data/tucnak-4.23/src/session.c:1471:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(40-strlen(q->qsonrs),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,q->qsonrs,COL_INV);
data/tucnak-4.23/src/session.c:1472:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(45-strlen(q->rstr),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,q->rstr,COL_INV);
data/tucnak-4.23/src/session.c:1473:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(49-strlen(q->qsonrr),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,q->qsonrr,COL_INV);
data/tucnak-4.23/src/session.c:1481:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(70-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,COL_INV);
data/tucnak-4.23/src/session.c:1485:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(75-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,COL_INV);
data/tucnak-4.23/src/session.c:1503:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(17-strlen(dtime),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,dtime,COL_NORM);
data/tucnak-4.23/src/session.c:1533:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x=18+1+strlen(c);
data/tucnak-4.23/src/session.c:1540:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x=18+1+strlen(c);
data/tucnak-4.23/src/session.c:1549:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(36-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1555:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s, "");
data/tucnak-4.23/src/session.c:1560:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(40-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1563:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(45-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1566:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c) print_text(49-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,COL_NORM);
data/tucnak-4.23/src/session.c:1602:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(70-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,
data/tucnak-4.23/src/session.c:1610:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(75-strlen(c),term->y-cfg->loglines-spypeers-DISP_QSOS+i-1,-1,c,
data/tucnak-4.23/src/session.c:1632:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x=QRA_X-strlen(c);
data/tucnak-4.23/src/session.c:1644:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(36-strlen(s),term->y-cfg->loglines-spypeers-DISP_QSOS-1,-1,s,COL_NORM);
data/tucnak-4.23/src/session.c:1677:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text((term->x-strlen(c))/2, term->y/2-3, -1, c, COL_NORM);
data/tucnak-4.23/src/session.c:1679:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text((term->x-strlen(c))/2, term->y/2-1, -1, c, COL_NORM);
data/tucnak-4.23/src/session.c:1681:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text((term->x-strlen(c))/2, term->y/2+0, -1, c, COL_NORM);
data/tucnak-4.23/src/session.c:1684:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text((term->x-strlen(c))/2, term->y-5, -1, c, COL_NORM);
data/tucnak-4.23/src/session.c:2170:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) > 0) call_info(NULL);
data/tucnak-4.23/src/session.c:2849:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s=strlen(q->rsts);
data/tucnak-4.23/src/session.c:2850:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r=strlen(q->rstr);
data/tucnak-4.23/src/session.c:2894:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbg("process_input(runmode=%d, len=%d, cq=%d, last_cq=%p)\n", ctest->runmode, strlen(text), cq, gses->last_cq);
data/tucnak-4.23/src/session.c:2896:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (gses->mode == MOD_CW_CW && ctest->runmode && strlen(text)==0){ // tady muzeme prepsat $C 5NN $MX, pokud se znacka opravuje a zadava se vsechno najednou
data/tucnak-4.23/src/session.c:2901:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (gses->mode == MOD_CW_CW && ctest->runmode && strlen(text)==0 && cq!= 0 && gses->last_cq == NULL){
data/tucnak-4.23/src/session.c:2931:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_text(term->x-6-strlen(s),0,11,s,color);
data/tucnak-4.23/src/sked.c:275:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlg->items[1].cpos = strlen(dlg->items[1].cdata);
data/tucnak-4.23/src/sked.c:371:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrg_str,"");
data/tucnak-4.23/src/sked.c:376:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(remark, "");
data/tucnak-4.23/src/sked.c:390:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrg_str,"");
data/tucnak-4.23/src/sked.c:395:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(remark, "");
data/tucnak-4.23/src/soundwrapper.c:69:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret=read(0, &freq, sizeof(freq));
data/tucnak-4.23/src/ssbd.c:212:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!pfilename || strlen(pfilename)==0) {
data/tucnak-4.23/src/ssbd.c:651:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
frames = gssbd->dsp->read(gssbd->dsp, gssbd->buffer, gssbd->dsp->frames);
data/tucnak-4.23/src/ssbd.c:653:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/tucnak-4.23/src/ssbd.c:1060:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(template_) && template_[strlen(template_)-1] == '/') template_[strlen(template_)-1] = '\0';
data/tucnak-4.23/src/ssbd.c:1060:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(template_) && template_[strlen(template_)-1] == '/') template_[strlen(template_)-1] = '\0';
data/tucnak-4.23/src/ssbd.c:1060:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(template_) && template_[strlen(template_)-1] == '/') template_[strlen(template_)-1] = '\0';
data/tucnak-4.23/src/state.c:138:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gses->il->cpos = strlen(gses->il->cdata);
data/tucnak-4.23/src/state.c:150:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b->il->cpos = strlen(b->il->cdata);
data/tucnak-4.23/src/state.c:184:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sw->il->cpos = strlen(sw->il->cdata);
data/tucnak-4.23/src/stats.c:259:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s, "_");
data/tucnak-4.23/src/stats.c:260:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
safe_strncpy0(s + strlen(s), q->locator, 4+1);
data/tucnak-4.23/src/stats.c:728:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = strlen(missexc);
data/tucnak-4.23/src/subwin.c:125:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zserial_write(sw->zser, s, strlen(s));
data/tucnak-4.23/src/subwin.c:526:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/tucnak-4.23/src/subwin.c:595:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str) > sw->w &&
data/tucnak-4.23/src/subwin.c:623:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (c != NULL && strlen(s)>0){
data/tucnak-4.23/src/subwin.c:973:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x+=strlen(c)+1;
data/tucnak-4.23/src/subwin.c:984:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x+=strlen(c);
data/tucnak-4.23/src/subwin.c:995:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x+=strlen(c)+1;
data/tucnak-4.23/src/subwin.c:1017:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sw->titl1 + strlen(c) >= sw->w + 1) max=sw->w-sw->titl1+1; else max=-1;
data/tucnak-4.23/src/subwin.c:1028:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sw->titl1 + strlen(c) >= sw->w + 1) max=sw->w-sw->titl1+1; else max=-1;
data/tucnak-4.23/src/subwin.c:1440:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(new_, "");
data/tucnak-4.23/src/subwin.c:1441:52: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (ctest->wwlused && (q->new_ & NEW_WWL)) strcat(new_, "w");
data/tucnak-4.23/src/subwin.c:1442:52: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if ( q->new_ & NEW_DXC ) strcat(new_, "d");
data/tucnak-4.23/src/subwin.c:1443:54: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (ctest->exctype>0 && (q->new_ & NEW_EXC)) strcat(new_, "e");
data/tucnak-4.23/src/subwin.c:1444:52: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (q->new_ & NEW_PREF) strcat(new_, "p");
data/tucnak-4.23/src/subwin.c:1445:49: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (q->qsl) strcat(new_, "q");
data/tucnak-4.23/src/subwin.c:1446:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (q->remark && strlen(q->remark)>0) strcat(new_, "r");
data/tucnak-4.23/src/subwin.c:1446:49: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (q->remark && strlen(q->remark)>0) strcat(new_, "r");
data/tucnak-4.23/src/subwin.c:1484:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(q->band->bandname);
data/tucnak-4.23/src/subwin.c:1495:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(qrgstr, " ");
data/tucnak-4.23/src/subwin.c:1497:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(qrgstr, "");
data/tucnak-4.23/src/subwin.c:1508:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c)>sw->ho)
data/tucnak-4.23/src/subwin.c:1708:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c && strlen(c)>sw->fifo->ho) {
data/tucnak-4.23/src/subwin.c:1713:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctest->pcall)>=2){
data/tucnak-4.23/src/subwin.c:1719:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(aband->operator_)>=2){
data/tucnak-4.23/src/subwin.c:1786:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(call)>3){
data/tucnak-4.23/src/subwin.c:1792:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (operator_ && strlen(operator_)>3){
data/tucnak-4.23/src/subwin.c:1807:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c && strlen(c)>sw->ho){
data/tucnak-4.23/src/subwin.c:1882:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
towrite = strlen(str);
data/tucnak-4.23/src/subwin.c:1898:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = zserial_write(sw->zser, s, strlen(s));
data/tucnak-4.23/src/subwin.c:2438:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/tucnak-4.23/src/subwin.c:2483:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int needlelen = strlen(needle);
data/tucnak-4.23/src/subwin.c:2496:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = d + strlen(needle);
data/tucnak-4.23/src/subwin.c:2500:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
after = d[strlen(needle)];
data/tucnak-4.23/src/subwin.c:2502:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = d + strlen(needle);
data/tucnak-4.23/src/subwin.c:2516:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = d + strlen(needle);
data/tucnak-4.23/src/terminal.c:61:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((r = read(fd, p, l)) < 0) {
data/tucnak-4.23/src/terminal.c:401:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(term) < MAX_TERM_LEN) strcpy(t->term, term);
data/tucnak-4.23/src/terminal.c:1061:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[1 + strlen(path + 1) + 1]) unlink(path + 1 + strlen(path + 1) + 1);
data/tucnak-4.23/src/terminal.c:1061:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path[1 + strlen(path + 1) + 1]) unlink(path + 1 + strlen(path + 1) + 1);
data/tucnak-4.23/src/terminal.c:1102:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(param = g_malloc(strlen(path) + strlen(delete1) + 3))) return;
data/tucnak-4.23/src/terminal.c:1102:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(param = g_malloc(strlen(path) + strlen(delete1) + 3))) return;
data/tucnak-4.23/src/terminal.c:1105:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(param + 1 + strlen(path) + 1, delete1);
data/tucnak-4.23/src/terminal.c:1107:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((blockh = start_thread((void (*)(void *, int))exec_thread, param, strlen(path) + strlen(delete1) + 3)) == -1) {
data/tucnak-4.23/src/terminal.c:1107:98: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((blockh = start_thread((void (*)(void *, int))exec_thread, param, strlen(path) + strlen(delete1) + 3)) == -1) {
data/tucnak-4.23/src/terminal.c:1124:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((data = g_malloc(strlen(path) + strlen(delete1) + 4))) {
data/tucnak-4.23/src/terminal.c:1124:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((data = g_malloc(strlen(path) + strlen(delete1) + 4))) {
data/tucnak-4.23/src/terminal.c:1128:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(data + 3 + strlen(path), delete1);
data/tucnak-4.23/src/terminal.c:1129:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(term->fdout, data, strlen(path) + strlen(delete1) + 4);
data/tucnak-4.23/src/terminal.c:1129:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hard_write(term->fdout, data, strlen(path) + strlen(delete1) + 4);
data/tucnak-4.23/src/terminal.c:1144:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(x_data = (char *)g_malloc(strlen(data) + 2))) return;
data/tucnak-4.23/src/translate.c:93:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0 && v[strlen(v) - 1] == ',') v[strlen(v) - 1] = '\0';
data/tucnak-4.23/src/translate.c:93:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0 && v[strlen(v) - 1] == ',') v[strlen(v) - 1] = '\0';
data/tucnak-4.23/src/translate.c:93:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0 && v[strlen(v) - 1] == ',') v[strlen(v) - 1] = '\0';
data/tucnak-4.23/src/translate.c:94:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0 && v[strlen(v) - 1] == '"') v[strlen(v) - 1] = '\0';
data/tucnak-4.23/src/translate.c:94:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0 && v[strlen(v) - 1] == '"') v[strlen(v) - 1] = '\0';
data/tucnak-4.23/src/translate.c:94:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0 && v[strlen(v) - 1] == '"') v[strlen(v) - 1] = '\0';
data/tucnak-4.23/src/translate.c:307:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(translate_key) != 0){
data/tucnak-4.23/src/trig.c:552:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:567:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:608:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:615:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:625:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:634:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:643:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:651:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:667:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:676:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/trig.c:685:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(trig->poll_ms * 1000);
data/tucnak-4.23/src/tsdl.c:1208:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/tucnak-4.23/src/tsdl.c:1393:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tw = strlen(c) + 6;
data/tucnak-4.23/src/tsdl.c:1406:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(d + 2, 0x94, Z_MIN(tw - 4, strlen(d)));
data/tucnak-4.23/src/tsdl.c:1414:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(d + 3, c, strlen(c));
data/tucnak-4.23/src/uhpd.c:55:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret < strlen(KEY)) continue;
data/tucnak-4.23/src/uhpd.c:56:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(buf, KEY, strlen(KEY)) != 0) continue;
data/tucnak-4.23/src/uhpd.c:58:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = sendto(sock, buf, strlen(buf), 0, (struct sockaddr*)&sin, sizeof(sin));
data/tucnak-4.23/src/update.c:106:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GString *sh = g_string_sized_new(strlen(txt_update) + 200);
data/tucnak-4.23/src/vhfcontestnet.c:86:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, maxpsectlen = strlen("single"), maxpwrlen = 0;
data/tucnak-4.23/src/vhfcontestnet.c:98:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b->psect == 3 && strlen(b->opsect) > maxpsectlen) maxpsectlen = strlen(b->opsect);
data/tucnak-4.23/src/vhfcontestnet.c:98:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (b->psect == 3 && strlen(b->opsect) > maxpsectlen) maxpsectlen = strlen(b->opsect);
data/tucnak-4.23/src/vhfcontestnet.c:99:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b->spowe) > maxpwrlen) maxpwrlen = strlen(b->spowe);
data/tucnak-4.23/src/vhfcontestnet.c:99:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b->spowe) > maxpwrlen) maxpwrlen = strlen(b->spowe);
data/tucnak-4.23/src/vhfcontestnet.c:163:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(d2) > max) max = strlen(d2);
data/tucnak-4.23/src/vhfcontestnet.c:163:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(d2) > max) max = strlen(d2);
data/tucnak-4.23/src/voip.c:348:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > max) max = strlen(s);
data/tucnak-4.23/src/voip.c:348:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) > max) max = strlen(s);
data/tucnak-4.23/src/voip.c:409:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/tucnak-4.23/src/wiki.c:445:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t in = strlen(title);
data/tucnak-4.23/src/winkey.c:81:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/tucnak-4.23/src/winkey.c:85:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/tucnak-4.23/src/winkey.c:215:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
winkey_write(cwda, s, strlen(s));
data/tucnak-4.23/src/wizz.c:117:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tname)>0 && tname[strlen(tname)-1]==']')
data/tucnak-4.23/src/wizz.c:117:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tname)>0 && tname[strlen(tname)-1]==']')
data/tucnak-4.23/src/wizz.c:118:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tname[strlen(tname)-1]='\0';
data/tucnak-4.23/src/wizz.c:144:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(k) > 8 && strncasecmp(k, "qsomult_", 8) == 0){
data/tucnak-4.23/src/zosk.c:318:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) == 1 && (zosk->shift->pressed || zosk->flags & ZOSK_UPCONVERT)) {
data/tucnak-4.23/src/zosk.c:405:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
surface = SDL_AllocSurface(SDL_SWSURFACE, 10 + fw * strlen(c), 10 + fh, 32, Rmask, Gmask, Bmask, Amask);
data/tucnak-4.23/src/zosk.c:478:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) >= zosk->maxlen_c) c += strlen(c) - zosk->maxlen_c + 1;
data/tucnak-4.23/src/zosk.c:478:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(c) >= zosk->maxlen_c) c += strlen(c) - zosk->maxlen_c + 1;
data/tucnak-4.23/src/zosk.c:480:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zsdl_printf(zosk->surface, 32 + strlen(c) * zosk->font_w, 10, 0, sdl->cursor, ZFONT_USERH(zosk->font_h), " ");
data/tucnak-4.23/src/zstring.c:101:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/tucnak-4.23/src/zstring.c:122:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(zstr->str + zstr->tokenpos) + zstr->tokenpos;
data/tucnak-4.23/src/zstring.c:204:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = write(fd, c, strlen(c));
ANALYSIS SUMMARY:
Hits = 1735
Lines analyzed = 75017 in approximately 1.94 seconds (38597 lines/second)
Physical Source Lines of Code (SLOC) = 57493
Hits@level = [0] 242 [1] 643 [2] 969 [3] 20 [4] 102 [5] 1
Hits@level+ = [0+] 1977 [1+] 1735 [2+] 1092 [3+] 123 [4+] 103 [5+] 1
Hits/KSLOC@level+ = [0+] 34.3868 [1+] 30.1776 [2+] 18.9936 [3+] 2.13939 [4+] 1.79152 [5+] 0.0173934
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.