Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c
Parsing failed to find end of parameter list; semicolon terminated it in (param_string, "%ld", #else sprintf(param_string, "%d", #endif *((SDWORD *) buffer)); break; case SQL_C_SSHORT: case SQL_C_SHORT: sprintf(param_string, "%d", *((SWORD *) buffer))
Parsing failed to find end of parameter list; semicolon terminated it in (param_string, "%lu", #else sprintf(param_string, "%u", #endif *((UDWORD *) buffer)); break; case SQL_C_USHORT: sprintf(param_string, "%u", *((UWORD *) buffer)); break; case

FINAL RESULTS:

data/unixodbc-2.3.6/DriverManager/__info.c:5846:9: [5] (race) chmod: This accepts filename arguments; if
an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod( file_name, 0666 ); data/unixodbc-2.3.6/DriverManager/__info.c:5933:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod( file_name, 0666 ); data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:60:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[0]); data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:70:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[1]); data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:80:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[2]); data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:90:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[3]); data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:107:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[4]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:79:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[0]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:89:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[1]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:98:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[2]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:107:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[3]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:116:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[4]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:125:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[5]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:134:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(hLastProperty->pszHelp, help_strings[6]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:144:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[7]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:154:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[8]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:164:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[9]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:174:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[10]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:184:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[11]); data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:194:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hLastProperty->pszHelp, help_strings[12]); data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:111:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( hLastProperty->pszHelp, szHelpDatabase ); data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:136:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( hLastProperty->pszHelp, szHelpPassword ); data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:481:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> unicode_string, DEFAULT_ICONV_ENCODING ); data/unixodbc-2.3.6/DriverManager/SQLBindCol.c:220:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLBindCol.c:339:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLBindParam.c:168:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLBindParam.c:329:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLBindParameter.c:192:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLBindParameter.c:429:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:235:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:385:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, dsn ); data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:428:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( in_str, (char*)conn_str_in ); data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:520:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:552:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:592:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:610:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:198:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:308:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf( in_str, "DSN=%s;", dsn ); data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:331:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, dsn ); data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:647:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLBulkOperations.c:300:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLCancel.c:293:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLCancelHandle.c:197:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLCancelHandle.c:283:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLCloseCursor.c:229:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColAttribute.c:277:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColAttribute.c:704:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColAttributeW.c:139:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColAttributeW.c:542:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColAttributes.c:264:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColAttributes.c:637:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColAttributesW.c:175:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColAttributesW.c:604:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColumnPrivileges.c:187:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColumnPrivileges.c:406:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColumnPrivilegesW.c:159:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColumnPrivilegesW.c:380:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColumns.c:202:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColumns.c:421:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLColumnsW.c:157:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLColumnsW.c:366:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnect.c:855:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( single_lib_name, libname ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1135:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( txt, "Can't open lib '%s' : %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1207:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%sW", connection -> functions[ i ].name ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1211:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( name, "%sA", connection -> functions[ i ].name ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1233:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%sW", connection -> functions[ i ].name ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1619:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1650:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1755:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1788:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2197:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> cli_year, txt ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2326:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ext, SHLIBEXT ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2330:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( name, "%s%s.%s", CURSOR_LIB, ext, CURSOR_LIB_VER ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2332:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s%s", CURSOR_LIB, ext ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2344:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s:%s%s.%s", odbcinst_system_file_path( b1 ), CURSOR_LIB, ext, CURSOR_LIB_VER ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2348:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s.%s", CURSOR_LIB, ext ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2350:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s/%s%s.%s", odbcinst_system_file_path( b1 ), CURSOR_LIB, ext, CURSOR_LIB_VER ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2355:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s:%s%s", odbcinst_system_file_path( b1 ), CURSOR_LIB, ext ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2359:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s%s", CURSOR_LIB, ext ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2361:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( name, "%s/%s%s", odbcinst_system_file_path( b1 ), CURSOR_LIB, ext ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2369:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( txt, "Can't open cursor lib '%s' : %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3430:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> probe_sql, ptr -> connection.probe_sql ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3442:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, ptr -> connection.dsn ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3548:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> connection.probe_sql, connection -> probe_sql ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3559:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> server, connection -> server ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3569:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> user, connection -> user ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3579:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( ptr -> password, connection -> password ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3589:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> driver_connect_string, connection -> driver_connect_string ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3598:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> connection.dsn, connection -> dsn ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3741:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3875:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3903:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> server, (char*)server_name ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3920:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> user, (char*)user_name ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3937:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( connection -> password, (char*)authentication ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4067:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4100:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4119:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4207:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4248:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4270:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4290:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, dsn ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:4325:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:192:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:479:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:517:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:562:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:600:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:632:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, (char*)ansi_dsn ); data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:666:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLCopyDesc.c:283:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( target_descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLCopyDesc.c:506:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( src_descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:322:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( property, driver ); data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:358:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) server_name, object ); data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:371:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) description, property ); data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:390:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:237:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( property, driver ); data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:318:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLDescribeCol.c:482:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLDescribeCol.c:487:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLDescribeColW.c:445:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLDescribeColW.c:450:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLDescribeParam.c:325:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLDisconnect.c:296:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDisconnect.c:318:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDisconnect.c:374:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:346:32: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. char *tmp2 = tmp + sprintf( tmp, "%s={", cp -> keyword ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:361:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( tmp, "%s=%s;", cp -> keyword, cp -> attribute ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:370:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( str, tmp ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:492:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( ptr -> attribute, value ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:503:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> keyword, kword ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:506:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr -> attribute, value ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:730:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:942:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:977:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> driver_connect_string, (char*)conn_str_in ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:999:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( savefile, tsavefile ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1025:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy((char*)local_conn_str_in, (char*)conn_str_in ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1075:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( str1, ";%s=%s", cp -> keyword, cp -> attribute ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1079:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( str1, "%s=%s", cp -> keyword, cp -> attribute ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1083:24: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) conn_str_in, str1 ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1131:30: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( str1, ";%s=%s", cp -> keyword, cp -> attribute ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1135:30: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( str1, "%s=%s", cp -> keyword, cp -> attribute ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1138:33: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) conn_str_in, str1 ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1206:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( driver_name, driver ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1227:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( lib_name, driver ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1303:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, dsn ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1421:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1454:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1474:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1571:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1612:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\t\tDIAG [%s] %s", data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1634:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1710:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1718:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1742:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) conn_str_out, savefile ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1744:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) conn_str_out, str ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1757:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) conn_str_out, save_filedsn ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1759:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) conn_str_out, str ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:272:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:463:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( driver_name, driver ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:484:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( lib_name, driver ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:545:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( connection -> dsn, dsn ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:694:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:841:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:892:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:904:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:358:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) sz_driver_desc, object ); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:382:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:399:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( buffer, "%s=%s", szPropertyName, data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:412:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) sz_driver_attributes, buffer ); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:437:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_user_file_path( b1 ), odbcinst_user_file_name( b2 )); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:454:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( buffer, "%s=%s", szPropertyName, data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:465:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) sz_driver_attributes, buffer ); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:505:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:306:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:323:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( buffer, "%s=%s", szPropertyName, data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:369:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:386:25: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( buffer, "%s=%s", szPropertyName, data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:446:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLEndTran.c:384:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLEndTran.c:561:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:247:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) message_text, str ); data/unixodbc-2.3.6/DriverManager/SQLError.c:370:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:383:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:452:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:465:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:532:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:545:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:295:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:312:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:416:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:433:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:501:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:518:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLExecDirect.c:231:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLExecDirect.c:516:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLExecDirectW.c:168:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLExecDirectW.c:451:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLExecute.c:352:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLExtendedFetch.c:334:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLFetch.c:347:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLFetchScroll.c:351:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLForeignKeys.c:209:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLForeignKeys.c:458:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLForeignKeysW.c:168:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLForeignKeysW.c:412:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeStmt.c:261:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:229:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, ptr ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:279:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:589:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, ptr ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:600:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:804:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:223:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:533:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, ptr ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:544:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:749:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:192:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, log_info.log_file_name ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:220:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:339:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:502:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, ptr ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:521:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectOptionW.c:189:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetConnectOptionW.c:309:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetConnectOptionW.c:498:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetCursorName.c:299:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetCursorNameW.c:283:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetData.c:221:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetData.c:535:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDescField.c:194:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetDescField.c:419:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDescFieldW.c:163:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetDescFieldW.c:389:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDescRec.c:400:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDescRecW.c:345:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:702:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( diag_info_ptr, str ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:774:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( diag_info_ptr, str ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:904:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:963:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:1022:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:1081:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:761:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:859:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:957:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:1055:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:350:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) message_text, (char*) as1 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:489:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) message_text,(char*) as1 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:627:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:640:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:705:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:718:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:783:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:796:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:861:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:874:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:408:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:429:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:536:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:557:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:664:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:685:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:792:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:813:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:144:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:217:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, VERSION ); data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:238:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( value, odbcinst_system_file_path( b1 )); data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:268:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetFunctions.c:142:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetFunctions.c:202:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:222:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:561:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( info_value, cptr );
data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:178:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:375:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:514:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:577:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:210:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:533:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:140:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:343:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:150:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:324:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetTypeInfo.c:161:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetTypeInfo.c:316:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLGetTypeInfoW.c:135:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLGetTypeInfoW.c:281:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLMoreResults.c:177:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLMoreResults.c:324:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLNativeSql.c:204:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLNativeSql.c:377:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLNativeSqlW.c:174:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLNativeSqlW.c:349:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLNumParams.c:224:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLNumResultCols.c:238:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLNumResultCols.c:245:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLParamData.c:355:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLParamOptions.c:273:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLPrepare.c:187:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLPrepare.c:372:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLPrepareW.c:156:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLPrepareW.c:341:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLPrimaryKeys.c:190:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLPrimaryKeys.c:415:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLPrimaryKeysW.c:155:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLPrimaryKeysW.c:381:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLProcedureColumns.c:184:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLProcedureColumns.c:389:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLProcedureColumnsW.c:159:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLProcedureColumnsW.c:360:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLProcedures.c:178:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLProcedures.c:371:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLProceduresW.c:155:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLProceduresW.c:346:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLPutData.c:310:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLRowCount.c:240:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttr.c:385:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttr.c:683:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttr.c:854:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttrW.c:321:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttrW.c:618:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttrW.c:796:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectOption.c:340:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetConnectOption.c:522:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectOption.c:642:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectOptionW.c:261:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetConnectOptionW.c:441:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetConnectOptionW.c:505:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetCursorName.c:157:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetCursorName.c:289:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetCursorNameW.c:110:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetCursorNameW.c:242:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetDescField.c:173:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( descriptor -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetDescField.c:384:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( descriptor -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetDescFieldW.c:156:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( descriptor -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetDescFieldW.c:338:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( descriptor -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetDescFieldW.c:393:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( descriptor -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetEnvAttr.c:178:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( environment -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetEnvAttr.c:376:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( environment -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetParam.c:230:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetParam.c:388:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetPos.c:339:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetScrollOptions.c:560:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:254:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:447:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:469:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:487:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:589:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:611:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:627:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttr.c:923:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:155:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:367:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:389:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:499:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:521:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:537:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtAttrW.c:715:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:188:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:472:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSetStmtOptionW.c:214:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSetStmtOptionW.c:453:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSpecialColumns.c:193:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSpecialColumns.c:481:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLSpecialColumnsW.c:160:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLSpecialColumnsW.c:446:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLStatistics.c:188:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLStatistics.c:463:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLStatisticsW.c:158:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLStatisticsW.c:430:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLTablePrivileges.c:184:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLTablePrivileges.c:377:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLTablePrivilegesW.c:159:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLTablePrivilegesW.c:350:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLTables.c:191:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLTables.c:424:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLTablesW.c:157:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg, "\n\t\tEntry:\
data/unixodbc-2.3.6/DriverManager/SQLTablesW.c:387:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( statement -> msg,
data/unixodbc-2.3.6/DriverManager/SQLTransact.c:355:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg,
data/unixodbc-2.3.6/DriverManager/SQLTransact.c:522:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( environment -> msg,
data/unixodbc-2.3.6/DriverManager/__attribute.c:876:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( nap -> keyword, ap -> keyword );
data/unixodbc-2.3.6/DriverManager/__attribute.c:879:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( nap -> value, ap -> value );
data/unixodbc-2.3.6/DriverManager/__attribute.c:986:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tENV ATTR [%s=%s] ret = %d",
data/unixodbc-2.3.6/DriverManager/__attribute.c:1031:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tENV ATTR [%s=%s] ret = %d",
data/unixodbc-2.3.6/DriverManager/__attribute.c:1102:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tCONN ATTR [%s=%s] ret = %d",
data/unixodbc-2.3.6/DriverManager/__attribute.c:1201:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tSTMT ATTR [%s=%s] ret = %d",
data/unixodbc-2.3.6/DriverManager/__attribute.c:1297:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( msg, "\t\tATTR OVERRIDE [%s=%s]",
data/unixodbc-2.3.6/DriverManager/__attribute.c:1363:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( msg, "\t\tATTR OVERRIDE [%s=%s]",
data/unixodbc-2.3.6/DriverManager/__connection.c:151:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( driver, driver_lib );
data/unixodbc-2.3.6/DriverManager/__connection.c:171:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( driver_name, driver );
data/unixodbc-2.3.6/DriverManager/__connection.c:178:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( lib_name, driver_lib );
data/unixodbc-2.3.6/DriverManager/__info.c:538:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ascii, asc[ j ] );
data/unixodbc-2.3.6/DriverManager/__info.c:539:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( unicode, be ? be_ucode[ i ] : le_ucode[ i ] );
data/unixodbc-2.3.6/DriverManager/__info.c:554:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( unicode, connection -> unicode_string );
data/unixodbc-2.3.6/DriverManager/__info.c:560:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ascii, asc[ j ] );
data/unixodbc-2.3.6/DriverManager/__info.c:574:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ascii, ASCII_ENCODING );
data/unixodbc-2.3.6/DriverManager/__info.c:580:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( unicode, be ? be_ucode[ i ] : le_ucode[ i ] );
data/unixodbc-2.3.6/DriverManager/__info.c:588:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( ascii, ASCII_ENCODING );
data/unixodbc-2.3.6/DriverManager/__info.c:589:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( unicode, connection -> unicode_string );
data/unixodbc-2.3.6/DriverManager/__info.c:594:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tUNICODE Using encoding ASCII '%s' and UNICODE '%s'",
data/unixodbc-2.3.6/DriverManager/__info.c:3090:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( state, ptr -> ver2 );
data/unixodbc-2.3.6/DriverManager/__info.c:3104:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( state, ptr -> ver3 );
data/unixodbc-2.3.6/DriverManager/__info.c:3154:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char*) ostr, "[%s][length = %ld (SQL_NTS)]",
data/unixodbc-2.3.6/DriverManager/__info.c:3194:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char*) ostr, tmp );
data/unixodbc-2.3.6/DriverManager/__info.c:3211:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char*) ostr, tmp );
data/unixodbc-2.3.6/DriverManager/__info.c:3887:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*) msg, ERROR_PREFIX );
data/unixodbc-2.3.6/DriverManager/__info.c:3888:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char*) msg, (char*) message_text );
data/unixodbc-2.3.6/DriverManager/__info.c:4238:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*) msg, (char*)msg1 );
data/unixodbc-2.3.6/DriverManager/__info.c:4240:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*) msg, ERROR_PREFIX );
data/unixodbc-2.3.6/DriverManager/__info.c:4241:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char*) msg, (char*)msg1 );
data/unixodbc-2.3.6/DriverManager/__info.c:4442:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tDIAG [%s] %s",
data/unixodbc-2.3.6/DriverManager/__info.c:4510:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*) msg, (char*)msg1 );
data/unixodbc-2.3.6/DriverManager/__info.c:4512:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*) msg, ERROR_PREFIX );
data/unixodbc-2.3.6/DriverManager/__info.c:4513:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char*) msg, (char*)msg1 );
data/unixodbc-2.3.6/DriverManager/__info.c:4553:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tDIAG [%s] %s",
data/unixodbc-2.3.6/DriverManager/__info.c:4794:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tDIAG [%s] %s",
data/unixodbc-2.3.6/DriverManager/__info.c:4898:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( connection -> msg, "\t\tDIAG [%s] %s",
data/unixodbc-2.3.6/DriverManager/__info.c:5785:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*) msg, DM_ERROR_PREFIX );
data/unixodbc-2.3.6/DriverManager/__info.c:5839:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( file_name, "%s/%s", log_info.log_file_name, __get_pid((SQLCHAR*) str ));
data/unixodbc-2.3.6/DriverManager/__info.c:5926:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( file_name, "%s/%s", log_info.log_file_name, __get_pid((SQLCHAR*) str ));
data/unixodbc-2.3.6/DriverManager/__stats.c:183:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
if (access(odbcini, F_OK) < 0) data/unixodbc-2.3.6/DriverManager/__stats.c:471:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, errmsg); data/unixodbc-2.3.6/DriverManager/__stats.c:713:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, notbuilt); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLBindCol.c:49:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hStmt->szSqlMsg, "SQL_ERROR Column %d is out of range. Range is 1 - %s", nCol, hStmt->hStmtExtras->nCols ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColumns.c:123:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hStmt->szSqlMsg, "SQL_ERROR Query failed. %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:34:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "hDbc=$%08lX szDataSource=(%s)", hDbc, szDataSource ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:61:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_ERROR Could not find Driver entry for %s in system information", szDataSource ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:79:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_ERROR %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:81:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( hDbc->szSqlMsg, "SQL_WARNING Failed to use (%s)", szCONFIGFILE ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:97:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_ERROR %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:99:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_ERROR Failed to connect to (%s)", szHOST ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:111:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_WARNING %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:113:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_WARNING Connected to server but failed to use database (%s)", szDATABASE ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:118:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hDbc->szSqlMsg, "SQL_INFO DATABASE=%s", szDATABASE ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDescribeCol.c:43:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hStmt->szSqlMsg, "SQL_ERROR Column %d is out of range. Range is 1 - %s", nCol, hStmt->hStmtExtras->nCols ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetInfo.c:40:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pInfoValue, ver); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLStatistics.c:111:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( hStmt->szSqlMsg, "SQL_ERROR Query failed. %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLTables.c:79:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hStmt->szSqlMsg, "SQL_ERROR Query failed. %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/_Execute.c:51:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( hStmt->szSqlMsg, "SQL_ERROR Query failed. %s", msqlErrMsg ); data/unixodbc-2.3.6/Drivers/MiniSQL/_NativeTypeDesc.c:18:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszTypeName, "%s", msqlTypeNames[nMiniSQLType] ); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:668:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, PG62); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:670:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, PG63); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:744:35: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. password = crypt( ci -> password, salt ); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:921:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(&msg[pos], ";\n%s", sock->errormsg); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1564:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(self->pg_version, self->connInfo.protocol); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:404:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rgbValueBindRow, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:592:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(saved_locale,setlocale(LC_ALL, NULL)); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:608:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(saved_locale, setlocale(LC_ALL, NULL)); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:788:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(new_statement, "declare %s cursor for ", stmt->cursor_name); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:941:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, setlocale(LC_ALL, NULL)); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:953:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tmp, setlocale(LC_ALL, NULL)); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1074:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], param_string); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1085:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], tmp); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1101:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], tmp); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1113:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], tmp); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1127:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], tmp); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1228:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], param_string); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1239:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(tmp, "'%s'::float4", param_string); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1240:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], tmp); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1247:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "'%s'::float8", param_string); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1248:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], tmp); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1259:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cbuf, "'%s'::numeric", param_string); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1272:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_statement[npos], param_string); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1376:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(escape, mapFunc); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1626:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(&out[o], conv_to_octal(in[i])); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:244:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "Advanced Options (%s)", ci->dsn); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:291:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, PG62); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:293:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, PG63); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:295:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, PG64); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:329:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(connect_string, "%s=%s;DATABASE=%s;SERVER=%s;PORT=%s;UID=%s;PWD=%s", data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:341:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(&connect_string[strlen(connect_string)], data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:357:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->dsn, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:360:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->driver, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:363:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->database, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:366:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->server, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:369:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->username, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:372:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->password, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:375:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->port, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:378:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->uds, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:381:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->onlyread, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:384:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:387:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->show_oid_column, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:390:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->fake_oid_index, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:393:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->row_versioning, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:396:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->show_system_tables, value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:411:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->port, DEFAULT_PORT); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:417:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ci->protocol, globals.protocol); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:445:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(DSN, INI_DSN); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:788:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(globals.extra_systable_prefixes, temp); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:790:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(globals.extra_systable_prefixes, DEFAULT_EXTRASYSTABLEPREFIXES); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:817:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(globals.protocol, temp); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:819:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(globals.protocol, DEFAULT_PROTOCOL); data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:126:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(self->statement, buffer); data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:759:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buffer, rgbValue); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:198:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s %s", POSTGRESDRIVERVERSION, conn->pg_version); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1007:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prefixes, globals.extra_systable_prefixes); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1022:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(table_types, tableType); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1053:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tables_query, " and relname !~ '^" POSTGRES_SYS_PREFIX); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1059:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tables_query, prefix[i]); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1262:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(columns_query, "select u.usename, c.relname, a.attname, a.atttypid" data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1885:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(column_names[total_columns-1], column_name); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1909:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(index_query, "select c.relname, i.indkey, i.indisunique" data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1985:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s_idx_fake_oid", table_name); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2192:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tables_query, "select distinct on (attnum) a2.attname, a2.attnum from pg_attribute a1, pg_attribute a2, pg_class c, pg_index i where c.relname = '%s_pkey' AND c.oid = i.indexrelid AND a1.attrelid = c.oid AND a2.attrelid = c.oid AND (i.indkey[0] = a1.attnum OR i.indkey[1] = a1.attnum OR i.indkey[2] = a1.attnum OR i.indkey[3] = a1.attnum OR i.indkey[4] = a1.attnum OR i.indkey[5] = a1.attnum OR i.indkey[6] = a1.attnum OR i.indkey[7] = a1.attnum) order by a2.attnum", pktab); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2198:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tables_query, "select ta.attname, ia.attnum" data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2406:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tables_query, "SELECT pt.tgargs, " data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2671:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(tables_query, "SELECT pg_trigger.tgargs, " data/unixodbc-2.3.6/Drivers/Postgre7.1/md5.c:338:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(crypt_buf, passwd); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:49:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename,dirname); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:50:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filename,DIRSEPARATOR); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:52:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filename,prefix); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:54:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filename,ptr->pw_name); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:56:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename,"%s%u%s",filename,pid,".log"); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:80:4: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
vfprintf(LOGFP, fmt, args); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:108:4: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(LOGFP, fmt, args); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:250:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(&buf[pos], fmt, length, s); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:186:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fi->name, QR_get_value_manual(col_info->result, k, 3)); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:384:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fi[stmt->nfld]->name, token); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:404:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fi[stmt->nfld]->dot, fi[stmt->nfld]->name); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:405:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fi[stmt->nfld]->name, token); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:419:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(fi[stmt->nfld]->alias, token); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:484:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ti[stmt->ntab]->name, token); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:497:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ti[stmt->ntab-1]->alias, token); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:618:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(conn->col_info[conn->ntables]->name, ti[i]->name); data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:302:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "close %s", self->cursor); data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:421:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fetch, "fetch %d in %s", fetch_size, self->cursor); data/unixodbc-2.3.6/Drivers/Postgre7.1/socket.c:167:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( sadr.sun_path, "%s.%d", path, port ); data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:561:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(&msg[pos], ";\n%s", CC_get_errormsg(conn)); data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:566:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(&msg[pos], ";\n%s", sock->errormsg); data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:851:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fetch, "fetch %d in %s", qi.row_size, self->cursor_name); data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:36:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tuple_field->value, string); data/unixodbc-2.3.6/Drivers/nn/SQLError.c:65:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, NNODBC_ERRHEAD "%s", msg); data/unixodbc-2.3.6/Drivers/nn/connect.c:180:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( buf, "%s%s", ptr, "/.odbc.ini"); data/unixodbc-2.3.6/Drivers/nn/nnconfig.h:30:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). # define STRCPY(t, s) (strcpy((char*)(t), (char*)(s))) data/unixodbc-2.3.6/Drivers/nn/nnconfig.h:32:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). # define STRCAT(t, s) (strcat((char*)(t), (char*)(s))) data/unixodbc-2.3.6/Drivers/nn/nnconfig.h:77:26: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define SOCK_FPRINTF fprintf data/unixodbc-2.3.6/Drivers/nn/nndate.c:33:2: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. sscanf(str, "%d %s %d", &(dt.day), buf, &(dt.year)); data/unixodbc-2.3.6/Drivers/nn/nntp.c:828:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( msgbuf, "cancel %s", msgid); data/unixodbc-2.3.6/Drivers/nn/yyparse.c:1715:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(msg, count == 0 ? ", expecting `" : " or `"); data/unixodbc-2.3.6/Drivers/nn/yyparse.c:1716:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(msg, yytname[x]); data/unixodbc-2.3.6/Drivers/nn/yyparse.c:2099:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(pstmt->msgbuf, NNSQL_ERRHEAD "%s", msg); data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:35:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((char*) hDbc->szSqlMsg, "hDbc=$%08lX 3zDataSource=(%s)", (long)hDbc, szDataSource ); data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:73:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((char*) hDbc->szSqlMsg, "SQL_ERROR Could not find Driver entry for %s in system information", szDataSource ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:86:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( szDSN, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:88:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szDRIVER, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:90:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szUID, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:92:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szPWD, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:94:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szHOST, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:96:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szDATABASE, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:98:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szSOCKET, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:100:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( szPORT, szValue ); data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:102:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szFLAG, szValue ); data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:222:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buffer, data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:346:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buffer, data/unixodbc-2.3.6/cur/SQLGetCursorName.c:85:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) cursor_name, (char*) cl_statement -> cursor_name ); data/unixodbc-2.3.6/cur/SQLGetData.c:383:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) sql, cl_statement -> sql_text ); data/unixodbc-2.3.6/cur/SQLGetData.c:424:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( addon, " %s IS NULL", cl_statement -> column_names[ col - 1 ] ); data/unixodbc-2.3.6/cur/SQLGetData.c:431:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat((char*) sql, addon ); data/unixodbc-2.3.6/cur/SQLGetData.c:436:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( addon, " %s = ?", cl_statement -> column_names[ col - 1 ] ); data/unixodbc-2.3.6/cur/SQLGetData.c:443:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) sql, addon ); data/unixodbc-2.3.6/cur/SQLGetInfo.c:174:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( info_value, cval ); data/unixodbc-2.3.6/cur/SQLSetCursorName.c:80:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char*) cl_statement -> cursor_name, (char*) cursor_name ); data/unixodbc-2.3.6/exe/isql.c:1584:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) *szSepLine,(char*) szColumn ); data/unixodbc-2.3.6/exe/isql.c:1592:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( (char*)szHdrLine,(char*) szColumn ); data/unixodbc-2.3.6/exe/isql.c:1665:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( (char*)szColumn, "| %-*s", (int)nOptimalDisplayWidth, "" ); data/unixodbc-2.3.6/exe/isql.c:1819:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, \ data/unixodbc-2.3.6/exe/iusql.c:340:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( zcstr, "DSN=%s", dsn ); data/unixodbc-2.3.6/exe/iusql.c:343:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( tmp, ";UID=%s", uid ); data/unixodbc-2.3.6/exe/iusql.c:344:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( zcstr, tmp ); data/unixodbc-2.3.6/exe/iusql.c:348:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( tmp, ";PWD=%s", pwd ); data/unixodbc-2.3.6/exe/iusql.c:349:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( zcstr, tmp ); data/unixodbc-2.3.6/exe/iusql.c:790:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) szSepLine,(char*) szColumn ); data/unixodbc-2.3.6/exe/iusql.c:793:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf((char*) szColumn, "| %-*s", (int)max( nMaxLength, strlen((char*)szColumnName) ), (char*)szColumnName ); data/unixodbc-2.3.6/exe/iusql.c:794:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) szHdrLine,(char*) szColumn ); data/unixodbc-2.3.6/exe/iusql.c:847:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) szColumn, (char*) szColumnValue ); data/unixodbc-2.3.6/exe/iusql.c:857:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat((char*) szColumn, (char*) szColumnValue ); data/unixodbc-2.3.6/exe/iusql.c:867:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((char*) szColumn, "| %-*s", (int)max( nMaxLength, strlen((char*) szColumnName) ), "" ); data/unixodbc-2.3.6/exe/odbcinst.c:169:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pChar, "%s", szObject ); data/unixodbc-2.3.6/exe/odbcinst.c:177:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pChar, "%s=%s", szProperty, szValue ); data/unixodbc-2.3.6/exe/odbcinst.c:470:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( szFileName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/extras/vms.c:45:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(translate_buffer, name); data/unixodbc-2.3.6/extras/vms.c:76:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(local_fspec, filename); data/unixodbc-2.3.6/extras/vms.c:88:34: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (num_translated == 1) strcpy(local_fspec, translate_buffer); data/unixodbc-2.3.6/include/ini.h:468:20: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define uo_fprintf fprintf data/unixodbc-2.3.6/include/ini.h:469:21: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define uo_vfprintf vfprintf data/unixodbc-2.3.6/include/uodbc_extras.h:64:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf uodbc_snprintf data/unixodbc-2.3.6/include/uodbc_extras.h:68:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
#define vsnprintf uodbc_vsnprintf data/unixodbc-2.3.6/ini/iniOpen.c:127:24: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. lNeededSize = vsnprintf(szBuffer, lBufSize, fmt, ap); data/unixodbc-2.3.6/ini/iniOpen.c:194:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( (*hIni)->cComment, cComment ); data/unixodbc-2.3.6/ini/iniOpen.c:263:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(szObjectName, tmpObjectName); data/unixodbc-2.3.6/ini/iniOpen.c:277:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(szPropertyName, tmpPropertyName); data/unixodbc-2.3.6/ini/iniOpen.c:279:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(szPropertyValue, ValueList); data/unixodbc-2.3.6/ini/iniOpen.c:373:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( (*hIni)->cComment, cComment ); data/unixodbc-2.3.6/libltdl/libltdl/lt__private.h:117:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
void * system; /* system specific data */ data/unixodbc-2.3.6/libltdl/loaders/dlopen.c:229:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (attempt, "%s%s", filename, member); data/unixodbc-2.3.6/libltdl/loaders/loadlibrary.c:170:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(wpath, filename); data/unixodbc-2.3.6/libltdl/ltdl.c:522:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (filename, "%.*s/%s", (int) dirname_len, dirname, dlname); data/unixodbc-2.3.6/libltdl/ltdl.c:718:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filename, dir_name); data/unixodbc-2.3.6/libltdl/ltdl.c:724:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (filename +lendir, base_name); data/unixodbc-2.3.6/libltdl/ltdl.c:785:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int notfound = access (filename, R_OK); data/unixodbc-2.3.6/libltdl/ltdl.c:922:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (name, "lib%s", p+2); data/unixodbc-2.3.6/libltdl/ltdl.c:1212:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(attempt, "%s%s", filename, ext); data/unixodbc-2.3.6/libltdl/ltdl.c:1307:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (archive_name, "%s%s.%s", libprefix, name + 3, libext); data/unixodbc-2.3.6/libltdl/ltdl.c:1311:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (archive_name, "%s.%s", name, libext); data/unixodbc-2.3.6/libltdl/ltdl.c:1820:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (buf, dirnam); data/unixodbc-2.3.6/libltdl/ltdl.c:2063:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sym, handle->vtable->sym_prefix); data/unixodbc-2.3.6/libltdl/ltdl.c:2064:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sym, handle->info.name); data/unixodbc-2.3.6/libltdl/ltdl.c:2068:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sym, handle->info.name); data/unixodbc-2.3.6/libltdl/ltdl.c:2072:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sym, symbol); data/unixodbc-2.3.6/libltdl/ltdl.c:2090:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sym, handle->vtable->sym_prefix); data/unixodbc-2.3.6/libltdl/ltdl.c:2091:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sym, symbol); data/unixodbc-2.3.6/libltdl/ltdl.c:2095:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sym, symbol); data/unixodbc-2.3.6/log/logPushMsg.c:132:10: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. mlen=vsnprintf(NULL,0,pszMessageFormat,args); data/unixodbc-2.3.6/log/logPushMsg.c:141:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(hMsg->pszMessage,mlen,pszMessageFormat,args); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:70:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:72:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:102:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( szError, "Could not find Setup property for (%s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:113:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szError, "Could not find Setup property for (%s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:121:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szError, "Could not find driver (%s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:134:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szError, "Could not find driver (%s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:144:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szError, "Could not find Setup property for (%s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:158:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szError, "Could not find Setup property for (%s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/ODBCINSTSetProperty.c:48:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szError, "Could not find property (%s)", pszProperty ); data/unixodbc-2.3.6/odbcinst/ODBCINSTSetProperty.c:67:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(hNew->szName, pszProperty ); data/unixodbc-2.3.6/odbcinst/ODBCINSTSetProperty.c:68:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( hNew->szValue, pszValue ); data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:62:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:64:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLConfigDriver.c:54:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/SQLConfigDriver.c:56:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:29:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:31:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:65:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( &(pszBuf[nBufPos]), szObjectName ); data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:196:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pRetBuffer, ini_cache -> value ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:74:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:76:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:171:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pszPathOut, odbcinst_system_file_path( b1 )); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:186:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pszPathOut, pszPathIn ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverManager.c:35:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( szIniName, "%s", odbcinst_system_file_path( b1 ) ); data/unixodbc-2.3.6/odbcinst/SQLInstallerError.c:128:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( pszErrorMsg, pszText ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:34:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszName, "lib%s", pszUI ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:43:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszName, "lib%s", pEnvVar ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:55:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszName, "lib%s", sz ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:79:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszNameAndExtension, "%s%s.1", pszName, SHLIBEXT ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:81:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszNameAndExtension, "%s.so.1", pszName ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:100:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszPathAndName, "%s/%s", DEFLIB_PATH, pszName ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:102:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszPathAndName, "%s", pszName ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:36:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( pRetBuffer, szPropertyName ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:42:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( pRetBuffer, szValueName ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:74:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat( pRetBuffer, szObjectName ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:124:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( szFileName, pszFileName ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:150:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szFileName, "%s/%s", szPath, pszFileName ); data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:45:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:47:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/SQLWritePrivateProfileString.c:54:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( szFileName, pszFileName ); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:51:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:53:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:72:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s:%s", odbcinst_user_file_path( b1 ), odbcinst_user_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:74:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_user_file_path( b1 ), odbcinst_user_file_name( b2 )); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:102:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr, szObjectName ); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:138:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr, szPropertyName ); data/unixodbc-2.3.6/odbcinst/_SQLWriteInstalledDrivers.c:45:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf( szIniName, "%s:%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/_SQLWriteInstalledDrivers.c:47:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( szIniName, "%s/%s", odbcinst_system_file_path( b1 ), odbcinst_system_file_name( b2 ) ); data/unixodbc-2.3.6/odbcinst/_odbcinst_GetEntries.c:43:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr, szPropertyName ); data/unixodbc-2.3.6/odbcinst/_odbcinst_GetSections.c:44:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( ptr, szObjectName ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:25:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buffer, path ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:44:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( buffer, path ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:67:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf( pszFileName, "%s:odbc.ini", odbcinst_system_file_path( b1 )); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:124:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy( save_path, SYSTEM_FILE_PATH );

data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:168:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf( pszFileName, "%s/odbc.ini", odbcinst_system_file_path( b1 ));

data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:85:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf( pszFileName, "%s%s", pHomeDir, "/.odbc.ini" );

data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:128:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf( pszPath, "%s/ODBCDataSources", odbcinst_system_file_path( b1 ));

data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:458:29: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
self->translation_handle = LoadLibrary (self->connInfo.translation_dll);

data/unixodbc-2.3.6/exe/isql.c:80:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
rlhistory = strdup(getenv("HOME"));

data/unixodbc-2.3.6/libltdl/loaders/loadlibrary.c:199:14: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
module = LoadLibrary (wpath);

data/unixodbc-2.3.6/libltdl/ltdl.c:1361:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
Check environment variables carefully before using them.
search_path = getenv (LTDL_SEARCHPATH_VAR);

data/unixodbc-2.3.6/libltdl/ltdl.c:1369:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
search_path = getenv (LT_MODULE_PATH_VAR);

data/unixodbc-2.3.6/libltdl/ltdl.c:1469:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
&& !find_handle (getenv (LTDL_SEARCHPATH_VAR), base_name,

data/unixodbc-2.3.6/libltdl/ltdl.c:1472:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
&& !find_handle (getenv (LT_MODULE_PATH_VAR), base_name,

data/unixodbc-2.3.6/libltdl/ltdl.c:1925:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
is_done = foreach_dirinpath (getenv(LTDL_SEARCHPATH_VAR), 0,

data/unixodbc-2.3.6/libltdl/ltdl.c:1932:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
is_done = foreach_dirinpath (getenv(LT_MODULE_PATH_VAR), 0,

data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:40:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
char *pEnvVar = getenv( "ODBCINSTUI" );

data/unixodbc-2.3.6/odbcinst/SQLSetConfigMode.c:37:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
p = getenv( "ODBCSEARCH" );

data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:93:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (( path = getenv( "ODBCINSTINI" ))) {

data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:116:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (( path = getenv( "ODBCSYSINI" ))) {

data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:152:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
if (( path = getenv( "HOME" ))) {

data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:55:51: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker.
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
char *szEnv_INIUSER = getenv("ODBCINI");

data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:76:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
pHomeDir = getenv("HOME");

data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:66:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(hLastProperty->aPromptData, vHost, sizeof(vHost));

data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:78:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(hLastProperty->aPromptData, vPort, sizeof(vPort));

data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:90:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(hLastProperty->aPromptData, vUser, sizeof(vUser));

data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(hLastProperty->aPromptData, vYesNo, sizeof(vYesNo));

data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:114:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(hLastProperty->szValue, "No");

data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:38:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aHost, sizeof( aHost ) );

data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:42:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aHost, sizeof( aHost ) );

data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:52:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aDatabase, sizeof( aDatabase ) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:65:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:67:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( hLastProperty->szValue, "No" );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:88:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aServer, sizeof( aServer ) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aPort, sizeof(aPort) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:121:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aProtocol, sizeof(aProtocol) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:130:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:148:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:157:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:166:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:29:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aHost, sizeof( aHost ) );

data/unixodbc-2.3.6/DRVConfig/nn/drvcfg.c:29:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aServer, sizeof( aServer ) );

data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aHost, sizeof( aHost ) );

data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:145:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aServerType, sizeof(aServerType) );

data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:154:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aProtocol, sizeof(aProtocol) );

data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof(aYesNo) );

data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:179:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aTrueFalse, sizeof(aTrueFalse) );

data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:57:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aSqlModes, sizeof( aSqlModes ) );

data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aIsoLevel, sizeof( aIsoLevel ) );

data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:50:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof( aYesNo ) );

data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:59:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof( aYesNo ) );

data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:68:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aYesNo, sizeof( aYesNo ) );

data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:77:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( hLastProperty->aPromptData, aColumnSeparators, sizeof( aColumnSeparators ) );

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:279:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pooling_string[ 128 ];

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:371:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
sprintf( environment -> msg,

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:468:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( connection -> cli_year, "1995" );

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:488:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( environment -> msg,

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:534:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( connection -> msg,

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:1080:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( connection -> msg,

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:1125:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( connection -> msg,

data/unixodbc-2.3.6/DriverManager/SQLAllocHandle.c:1242:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( connection -> msg,

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char in_str[ BUFFER_LEN ];

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:432:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( in_str, conn_str_in, len_conn_str_in );

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:138:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char in_str[ BUFFER_LEN ];

data/unixodbc-2.3.6/DriverManager/SQLBulkOperations.c:136:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statement -> msg, "\n\t\tEntry:\

data/unixodbc-2.3.6/DriverManager/SQLCancel.c:130:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statement -> msg, "\n\t\tEntry:\

data/unixodbc-2.3.6/DriverManager/SQLCancelHandle.c:62:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statement -> msg, "\n\t\tEntry:\n\t\t\tStatement = %p",

data/unixodbc-2.3.6/DriverManager/SQLCancelHandle.c:245:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( connection -> msg, "\n\t\tEntry:\n\t\t\tConnection = %p",

data/unixodbc-2.3.6/DriverManager/SQLCloseCursor.c:134:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statement -> msg, "\n\t\tEntry:\

data/unixodbc-2.3.6/DriverManager/SQLColAttributes.c:619:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( numeric_attribute, &na, sizeof( na ));

data/unixodbc-2.3.6/DriverManager/SQLColAttributes.c:624:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( numeric_attribute, &na, sizeof( na ));

data/unixodbc-2.3.6/DriverManager/SQLColAttributes.c:629:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( numeric_attribute, &na, sizeof( na ));

data/unixodbc-2.3.6/DriverManager/SQLColAttributesW.c:586:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( numeric_attribute, &na, sizeof( na ));

data/unixodbc-2.3.6/DriverManager/SQLColAttributesW.c:591:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( numeric_attribute, &na, sizeof( na ));

data/unixodbc-2.3.6/DriverManager/SQLColAttributesW.c:596:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( numeric_attribute, &na, sizeof( na ));

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:809:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char single_lib_name[ INI_MAX_PROPERTY_VALUE + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:959:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char threading_string[ 50 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:960:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mapping_string[ 50 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:961:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char disable_gf[ 50 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:962:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fake_string[ 50 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:982:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
threading_level = atoi( threading_string );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:999:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
threading_level = atoi( threading_string );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1018:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
connection -> ex_fetch_mapping = atoi( mapping_string );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1028:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
connection -> disable_gf = atoi( disable_gf );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1038:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
connection -> dont_dlclose = atoi( mapping_string ) != 0;

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1048:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
connection -> pooling_timeout = atoi( mapping_string );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1058:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
connection -> ttl = atoi( mapping_string );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1081:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
fake_unicode = atoi( fake_string );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1095:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char txt[ 256 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1097:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( txt, "Can't initiate unicode conversion" );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1133:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char txt[ 2048 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1186:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( connection -> functions, template_func,

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:1193:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[ 128 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2184:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char txt[ 20 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2306:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ext[ 32 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2307:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[ ODBC_FILENAME_MAX * 2 + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2318:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( ext, ".so" );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2337:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char b1[ ODBC_FILENAME_MAX + 1 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2367:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char txt[ 256 ];

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3563:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( ptr -> server, connection -> server, connection -> server_length );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3573:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( ptr -> user, connection -> user, connection -> user_length );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3583:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( ptr -> password, connection -> password, connection -> password_length );

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3593:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( ptr -> driver_connect_string, connection -> driver_connect_string,

data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3641:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char txt[ 1024 ]; data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3717:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsn[ SQL_MAX_DSN_LENGTH + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3718:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3719:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3837:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dsn, server_name, len ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3856:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( dsn, "DEFAULT" ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3907:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( connection -> server, server_name, name_length1 ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3924:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( connection -> user, user_name, name_length2 ); data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3941:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( connection -> password, authentication, name_length3 ); data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLConnectW.c:287:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( dsn, server_name, sizeof( dsn[ 0 ] ) * len ); data/unixodbc-2.3.6/DriverManager/SQLCopyDesc.c:196:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( src_descriptor -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ BUFFERSIZE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object[ INI_MAX_OBJECT_NAME + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char property[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:193:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:353:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( server_name, object, buffer_length1 ); data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:366:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( description, property, buffer_length2 ); data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ BUFFERSIZE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object[ INI_MAX_OBJECT_NAME + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char property[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:117:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:269:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( server_name, s1, buffer_length1 * 2 ); data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:291:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( description, s1, buffer_length2 * 2 ); data/unixodbc-2.3.6/DriverManager/SQLDescribeCol.c:226:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDescribeColW.c:188:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDescribeParam.c:170:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDisconnect.c:203:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:410:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( *keyword, ptr, len ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:452:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( *value, ptr, len ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:538:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( local_str, str, str_len ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:690:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:916:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( conn_str_out, conn_str_in, conn_str_out_max - 1 ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:931:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( conn_str_out, conn_str_in, len_conn_str_in ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:981:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy( connection -> driver_connect_string, conn_str_in, len_conn_str_in ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:995:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( savefile, tsavefile, INI_MAX_PROPERTY_VALUE ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1015:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[ 1024 * 16 ]; data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1741:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*) conn_str_out, "SAVEFILE=" ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1756:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*) conn_str_out, "FILEDSN=" ); data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lib_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver_name[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:900:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char null[ 20 ]; data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:902:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( null, "NULL" ); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ BUFFERSIZE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object[ INI_MAX_OBJECT_NAME + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:228:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:352:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( sz_driver_desc, object, cb_driver_desc_max - 1 ); data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:370:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyName[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:371:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:372:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szIniName[ INI_MAX_OBJECT_NAME + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:373:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ 1024 ]; data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:375:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[ 256 ], b2[ 256 ]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ BUFFERSIZE + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char object[ INI_MAX_OBJECT_NAME + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:145:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:269:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( sz_driver_desc, object, cb_driver_desc_max - 1 ); data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:294:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyName[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:295:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:296:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szIniName[ INI_MAX_OBJECT_NAME + 1 ]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:297:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ 1024 ]; data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:299:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[ 512 ], b2[ 512 ]; data/unixodbc-2.3.6/DriverManager/SQLEndTran.c:245:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLEndTran.c:410:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLError.c:200:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy((char*) sqlstate, "00000" ); data/unixodbc-2.3.6/DriverManager/SQLError.c:251:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( message_text, str, buffer_length ); data/unixodbc-2.3.6/DriverManager/SQLError.c:336:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:418:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLError.c:498:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:161:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( message_text, err -> msg, buffer_length * 2 ); data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:260:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:381:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLErrorW.c:466:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLExecute.c:182:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLExtendedFetch.c:153:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLFetch.c:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLFetchScroll.c:150:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:214:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:284:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:335:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:381:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:486:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:520:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeHandle.c:599:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLFreeStmt.c:137:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:233:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, log_info.log_file_name, buffer_length - 1 ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:373:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(value, &sa->int_attr, buffer_length); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:593:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, ptr, buffer_length - 1 ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:317:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value, &sa->int_attr, buffer_length); data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:537:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, ptr, buffer_length - 1 ); data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:470:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[ 1024 ]; data/unixodbc-2.3.6/DriverManager/SQLGetConnectOptionW.c:439:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[ 1024 ]; data/unixodbc-2.3.6/DriverManager/SQLGetCursorName.c:173:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetCursorNameW.c:156:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetDescRec.c:228:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetDescRecW.c:186:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:325:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &val, sizeof( val )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:476:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &val, sizeof( val )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:494:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &val, sizeof( val )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:503:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &head -> return_code, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:667:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( diag_info_ptr, &ptr -> diag_column_number, sizeof( SQLINTEGER )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:707:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, str, buffer_length - 1 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:708:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (( char * ) diag_info_ptr )[ buffer_length - 1 ] = '\0'; data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:729:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &ptr -> native_error, sizeof( SQLINTEGER )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:739:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &ptr -> diag_row_number, sizeof( SQLLEN )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:779:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, str, buffer_length - 1 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:780:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
(( char * ) diag_info_ptr )[ buffer_length - 1 ] = '\0'; data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:873:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:932:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:991:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:1050:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:220:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &val, sizeof( val )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:370:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &val, sizeof( val )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:388:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( diag_info_ptr, &val, sizeof( val )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:397:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &head -> return_code, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:552:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &ptr -> diag_column_number, sizeof( SQLINTEGER )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:592:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, str, ( buffer_length - 1 ) * 2 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:609:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &ptr -> native_error, sizeof( SQLINTEGER )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:619:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, &ptr -> diag_row_number, sizeof( SQLINTEGER )); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:659:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( diag_info_ptr, str, ( buffer_length - 1 ) * 2 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:730:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:828:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:926:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:1024:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:312:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*) sqlstate, "00000" ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:354:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( message_text, as1, buffer_length ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:493:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( message_text, as1, buffer_length ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:591:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:669:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:747:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:825:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:159:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( message_text, ptr -> msg, buffer_length * 2 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:301:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( message_text, ptr -> msg, buffer_length * 2 ); data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:370:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:498:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:626:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetDiagRecW.c:754:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( descriptor -> msg, data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:170:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &environment -> connection_pooling, data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:178:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &environment -> cp_match, data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:195:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &environment -> requested_version, data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:204:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &i, sizeof( i )); data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:221:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, VERSION, buffer_length ); data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:234:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char b1[ 512 ]; data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:242:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, odbcinst_system_file_path( b1 ), buffer_length ); data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[ 30 ], *cptr; data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:300:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( txt, "%02d.%02d.%04d.%04d", data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:302:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( VERSION ), atoi( VERSION + 2 )); data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:302:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( VERSION ), atoi( VERSION + 2 )); data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:308:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( txt, "%02d.%02d", data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:565:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( info_value, cptr, buffer_length - 1 ); data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[ 30 ], *cptr; data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:254:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( txt, "%02d.%02d.%04d.%04d", data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:256:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( VERSION ), atoi( VERSION + 2 )); data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:256:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi( VERSION ), atoi( VERSION + 2 )); data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:262:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( txt, "%02d.%02d", data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:549:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( info_value, s1, ( buffer_length - 1 * sizeof( SQLWCHAR ))); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:331:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ard, sizeof( statement -> ard )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:338:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> apd, sizeof( SQLHANDLE )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:345:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ird, sizeof( SQLHANDLE )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:352:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ipd, sizeof( SQLHANDLE )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:366:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> fetch_bm_ptr, sizeof( SQLULEN * )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:375:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( value, &statement -> row_st_arr, sizeof( SQLULEN * )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttr.c:384:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> row_ct_ptr, sizeof( SQLULEN * )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:258:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ard, sizeof( statement -> ard )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:265:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> apd, sizeof( SQLHANDLE )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:272:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ird, sizeof( SQLHANDLE )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:279:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ipd, sizeof( SQLHANDLE )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:293:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> fetch_bm_ptr, sizeof( SQLLEN * )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:302:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( value, &statement -> row_st_arr, sizeof( SQLLEN * )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtAttrW.c:311:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> row_ct_ptr, sizeof( SQLULEN * )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:230:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> apd, sizeof( statement -> apd )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:237:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ard, sizeof( statement -> ard )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:244:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ipd, sizeof( statement -> ipd )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:251:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ird, sizeof( statement -> ird )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:271:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> apd, sizeof( statement -> apd )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:278:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( value, &statement -> ard, sizeof( statement -> ard )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:285:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ipd, sizeof( statement -> ipd )); data/unixodbc-2.3.6/DriverManager/SQLGetStmtOption.c:292:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( value, &statement -> ird, sizeof( statement -> ird )); data/unixodbc-2.3.6/DriverManager/SQLMoreResults.c:157:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLNumParams.c:137:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLNumResultCols.c:149:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLParamData.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLParamOptions.c:159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLPutData.c:139:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLRowCount.c:166:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttr.c:266:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char force_string[ 30 ]; data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttr.c:656:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( sa -> str_attr, value, string_length ); data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttrW.c:172:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char force_string[ 30 ]; data/unixodbc-2.3.6/DriverManager/SQLSetConnectAttrW.c:592:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( sa -> str_attr, value, string_length ); data/unixodbc-2.3.6/DriverManager/SQLSetPos.c:152:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLSetScrollOptions.c:173:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( statement -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:362:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> apd, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:370:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ard, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:378:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ipd, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:386:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ird, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:407:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> apd, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:415:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( &statement -> ard, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:423:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ipd, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOption.c:431:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ird, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOptionW.c:388:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> apd, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOptionW.c:396:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ard, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOptionW.c:404:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ipd, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLSetStmtOptionW.c:412:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &statement -> ird, (void*)value, data/unixodbc-2.3.6/DriverManager/SQLTransact.c:201:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( connection -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/SQLTransact.c:378:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( environment -> msg, "\n\t\tEntry:\ data/unixodbc-2.3.6/DriverManager/__attribute.c:731:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). as -> int_value = atoi( as -> value ); data/unixodbc-2.3.6/DriverManager/__attribute.c:744:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). as -> attribute = atoi( kw + 1 ); data/unixodbc-2.3.6/DriverManager/__attribute.c:747:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). as -> int_value = atoi( as -> value + 1 ); data/unixodbc-2.3.6/DriverManager/__attribute.c:791:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( as -> keyword, ptr, len ); data/unixodbc-2.3.6/DriverManager/__attribute.c:806:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( as -> value, ptr , len ); data/unixodbc-2.3.6/DriverManager/__attribute.c:817:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( as -> value, ptr, len ); data/unixodbc-2.3.6/DriverManager/__attribute.c:910:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( local_str, str, str_len ); data/unixodbc-2.3.6/DriverManager/__connection.c:115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/__connection.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver_lib[ INI_MAX_PROPERTY_VALUE + 1 ]; data/unixodbc-2.3.6/DriverManager/__handles.c:404:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tracing_string[ 64 ]; data/unixodbc-2.3.6/DriverManager/__handles.c:405:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tracing_file[ 64 ]; data/unixodbc-2.3.6/DriverManager/__handles.c:456:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( environment -> msg, data/unixodbc-2.3.6/DriverManager/__info.c:488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii[ 256 ], unicode[ 256 ]; data/unixodbc-2.3.6/DriverManager/__info.c:492:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. union { long l; char c[sizeof (long)]; } u; data/unixodbc-2.3.6/DriverManager/__info.c:860:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DOUBLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:864:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_FLOAT" ); data/unixodbc-2.3.6/DriverManager/__info.c:868:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_REAL" ); data/unixodbc-2.3.6/DriverManager/__info.c:872:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_BIT" ); data/unixodbc-2.3.6/DriverManager/__info.c:876:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_CHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:880:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_VARCHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:884:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_LONGVARCHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:888:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_BINARY" ); data/unixodbc-2.3.6/DriverManager/__info.c:892:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_VARBINARY" ); data/unixodbc-2.3.6/DriverManager/__info.c:896:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_LONGVARBINARY" ); data/unixodbc-2.3.6/DriverManager/__info.c:900:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DECIMAL" ); data/unixodbc-2.3.6/DriverManager/__info.c:904:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_NUMERIC" ); data/unixodbc-2.3.6/DriverManager/__info.c:908:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_BIGINT" ); data/unixodbc-2.3.6/DriverManager/__info.c:912:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTEGER" ); data/unixodbc-2.3.6/DriverManager/__info.c:916:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SMALLINT" ); data/unixodbc-2.3.6/DriverManager/__info.c:920:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TINYINT" ); data/unixodbc-2.3.6/DriverManager/__info.c:924:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TYPE_DATE" ); data/unixodbc-2.3.6/DriverManager/__info.c:928:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TYPE_TIME" ); data/unixodbc-2.3.6/DriverManager/__info.c:932:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TYPE_TIMESTAMP" ); data/unixodbc-2.3.6/DriverManager/__info.c:936:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DATE" ); data/unixodbc-2.3.6/DriverManager/__info.c:940:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TIME" ); data/unixodbc-2.3.6/DriverManager/__info.c:944:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TIMESTAMP" ); data/unixodbc-2.3.6/DriverManager/__info.c:948:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_YEAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:952:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_YEAR_TO_MONTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:956:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_MONTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:960:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_DAY_TO_SECOND" ); data/unixodbc-2.3.6/DriverManager/__info.c:964:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_INTERVAL_DAY_TO_MINUTE" ); data/unixodbc-2.3.6/DriverManager/__info.c:968:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_DAY" ); data/unixodbc-2.3.6/DriverManager/__info.c:972:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_HOUR_TO_SECOND" ); data/unixodbc-2.3.6/DriverManager/__info.c:976:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_HOUR_TO_MINUTE" ); data/unixodbc-2.3.6/DriverManager/__info.c:980:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_HOUR" ); data/unixodbc-2.3.6/DriverManager/__info.c:984:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_MINUTE_TO_SECOND" ); data/unixodbc-2.3.6/DriverManager/__info.c:988:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTERVAL_MINUTE" ); data/unixodbc-2.3.6/DriverManager/__info.c:992:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_INTERVAL_SECOND" ); data/unixodbc-2.3.6/DriverManager/__info.c:996:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ALL_TYPES" ); data/unixodbc-2.3.6/DriverManager/__info.c:1000:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "Unknown(%d)", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:1052:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_NULL_DATA" ); data/unixodbc-2.3.6/DriverManager/__info.c:1056:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "Indicator = %d", (int)*ptr ); data/unixodbc-2.3.6/DriverManager/__info.c:1060:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[NULLPTR]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1070:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &val, buf, sizeof( SQLINTEGER )); data/unixodbc-2.3.6/DriverManager/__info.c:1071:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%d]", (int)val ); data/unixodbc-2.3.6/DriverManager/__info.c:1077:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%.*s]", LOG_MESSAGE_LEN, (char*)buf ); data/unixodbc-2.3.6/DriverManager/__info.c:1096:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( optr, "%c", *ptr & 0x00FF ); data/unixodbc-2.3.6/DriverManager/__info.c:1101:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( optr, "](unicode)" ); data/unixodbc-2.3.6/DriverManager/__info.c:1109:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &val, buf, sizeof( double )); data/unixodbc-2.3.6/DriverManager/__info.c:1110:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%g]", val ); data/unixodbc-2.3.6/DriverManager/__info.c:1119:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &val, buf, sizeof( float )); data/unixodbc-2.3.6/DriverManager/__info.c:1120:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%g]", val ); data/unixodbc-2.3.6/DriverManager/__info.c:1128:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( &val, buf, sizeof( SQLCHAR )); data/unixodbc-2.3.6/DriverManager/__info.c:1129:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%d]", (int)val ); data/unixodbc-2.3.6/DriverManager/__info.c:1134:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[LONGVARCHARDATA...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1138:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[BINARYDATA...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1142:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[VARBINARYDATA...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1146:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[LONGVARBINARYDATA...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1150:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[DECIMAL...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1154:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "[NUMERIC...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1158:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[BIGINT...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1165:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &val, buf, sizeof( short )); data/unixodbc-2.3.6/DriverManager/__info.c:1166:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%d]", (int)val ); data/unixodbc-2.3.6/DriverManager/__info.c:1174:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( &val, buf, sizeof( char )); data/unixodbc-2.3.6/DriverManager/__info.c:1175:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[%d]", (int)val ); data/unixodbc-2.3.6/DriverManager/__info.c:1181:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[DATE...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1186:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[TIME...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1191:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf((char*) s, "[TIMESTAMP...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1206:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[INTERVAL...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1210:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "[Data...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:1226:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%p -> %d", (void*)ptr, (int)*ptr ); data/unixodbc-2.3.6/DriverManager/__info.c:1230:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "NULLPTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1240:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%p -> %d", (void*)ptr, (int)*ptr ); data/unixodbc-2.3.6/DriverManager/__info.c:1244:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "NULLPTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1258:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "%p -> %d", (void*)ptr, (int)*ptr ); data/unixodbc-2.3.6/DriverManager/__info.c:1262:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "NULLPTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1277:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLAllocConnect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1281:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLAllocEnv" ); data/unixodbc-2.3.6/DriverManager/__info.c:1285:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLAllocHandle" ); data/unixodbc-2.3.6/DriverManager/__info.c:1289:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLAllocStmt" ); data/unixodbc-2.3.6/DriverManager/__info.c:1293:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLAllochandleStd" ); data/unixodbc-2.3.6/DriverManager/__info.c:1297:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLBindCol" ); data/unixodbc-2.3.6/DriverManager/__info.c:1301:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLBindParam" ); data/unixodbc-2.3.6/DriverManager/__info.c:1305:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLBindParameter" ); data/unixodbc-2.3.6/DriverManager/__info.c:1309:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLBrowseConnect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1313:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLBulkOperations" ); data/unixodbc-2.3.6/DriverManager/__info.c:1317:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLCancel" ); data/unixodbc-2.3.6/DriverManager/__info.c:1321:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLCloseCursor" ); data/unixodbc-2.3.6/DriverManager/__info.c:1325:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLColAttribute(s)" ); data/unixodbc-2.3.6/DriverManager/__info.c:1329:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQLColumnPrivileges" ); data/unixodbc-2.3.6/DriverManager/__info.c:1333:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLColumns" ); data/unixodbc-2.3.6/DriverManager/__info.c:1337:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLConnect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1341:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLCopyDesc" ); data/unixodbc-2.3.6/DriverManager/__info.c:1345:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLDataSources" ); data/unixodbc-2.3.6/DriverManager/__info.c:1349:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLDescribeCol" ); data/unixodbc-2.3.6/DriverManager/__info.c:1353:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLDescribeParam" ); data/unixodbc-2.3.6/DriverManager/__info.c:1357:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLDisconnect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1361:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLDriverConnect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1365:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLDrivers" ); data/unixodbc-2.3.6/DriverManager/__info.c:1369:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLEndTran" ); data/unixodbc-2.3.6/DriverManager/__info.c:1373:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLError" ); data/unixodbc-2.3.6/DriverManager/__info.c:1377:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLExecDirect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1381:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLExecute" ); data/unixodbc-2.3.6/DriverManager/__info.c:1385:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLExtendedFetch" ); data/unixodbc-2.3.6/DriverManager/__info.c:1389:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQLFetch" ); data/unixodbc-2.3.6/DriverManager/__info.c:1393:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLFetchScroll" ); data/unixodbc-2.3.6/DriverManager/__info.c:1397:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLForeignKeys" ); data/unixodbc-2.3.6/DriverManager/__info.c:1401:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLFreeEnv" ); data/unixodbc-2.3.6/DriverManager/__info.c:1405:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLFreeHandle" ); data/unixodbc-2.3.6/DriverManager/__info.c:1409:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLFreeStmt" ); data/unixodbc-2.3.6/DriverManager/__info.c:1413:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLFreeConnect" ); data/unixodbc-2.3.6/DriverManager/__info.c:1417:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetConnectAttr" ); data/unixodbc-2.3.6/DriverManager/__info.c:1421:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetConnectOption" ); data/unixodbc-2.3.6/DriverManager/__info.c:1425:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetCursorName" ); data/unixodbc-2.3.6/DriverManager/__info.c:1429:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetData" ); data/unixodbc-2.3.6/DriverManager/__info.c:1433:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetDescField" ); data/unixodbc-2.3.6/DriverManager/__info.c:1437:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetDescRec" ); data/unixodbc-2.3.6/DriverManager/__info.c:1441:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetDiagField" ); data/unixodbc-2.3.6/DriverManager/__info.c:1445:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetEnvAttr" ); data/unixodbc-2.3.6/DriverManager/__info.c:1449:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQLGetFunctions" ); data/unixodbc-2.3.6/DriverManager/__info.c:1453:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetInfo" ); data/unixodbc-2.3.6/DriverManager/__info.c:1457:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetStmtAttr" ); data/unixodbc-2.3.6/DriverManager/__info.c:1461:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetStmtOption" ); data/unixodbc-2.3.6/DriverManager/__info.c:1465:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetTypeInfo" ); data/unixodbc-2.3.6/DriverManager/__info.c:1469:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLMoreResults" ); data/unixodbc-2.3.6/DriverManager/__info.c:1473:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLNativeSql" ); data/unixodbc-2.3.6/DriverManager/__info.c:1477:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLNumParams" ); data/unixodbc-2.3.6/DriverManager/__info.c:1481:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLNumResultCols" ); data/unixodbc-2.3.6/DriverManager/__info.c:1485:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLParamData" ); data/unixodbc-2.3.6/DriverManager/__info.c:1489:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLParamOptions" ); data/unixodbc-2.3.6/DriverManager/__info.c:1493:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLPrepare" ); data/unixodbc-2.3.6/DriverManager/__info.c:1497:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLPrimaryKeys" ); data/unixodbc-2.3.6/DriverManager/__info.c:1501:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLProcedureColumns" ); data/unixodbc-2.3.6/DriverManager/__info.c:1505:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLProcedures" ); data/unixodbc-2.3.6/DriverManager/__info.c:1509:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQLPutData" ); data/unixodbc-2.3.6/DriverManager/__info.c:1513:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLRowCount" ); data/unixodbc-2.3.6/DriverManager/__info.c:1517:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetConnectAttr" ); data/unixodbc-2.3.6/DriverManager/__info.c:1521:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetConnectOption" ); data/unixodbc-2.3.6/DriverManager/__info.c:1525:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetCursorName" ); data/unixodbc-2.3.6/DriverManager/__info.c:1529:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetDescField" ); data/unixodbc-2.3.6/DriverManager/__info.c:1533:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetDescRec" ); data/unixodbc-2.3.6/DriverManager/__info.c:1537:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetEnvAttr" ); data/unixodbc-2.3.6/DriverManager/__info.c:1541:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetParam" ); data/unixodbc-2.3.6/DriverManager/__info.c:1545:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetPos" ); data/unixodbc-2.3.6/DriverManager/__info.c:1549:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetScrollOptions" ); data/unixodbc-2.3.6/DriverManager/__info.c:1553:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetStmtAttr" ); data/unixodbc-2.3.6/DriverManager/__info.c:1557:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSetStmtOption" ); data/unixodbc-2.3.6/DriverManager/__info.c:1561:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLSpecialColumns" ); data/unixodbc-2.3.6/DriverManager/__info.c:1565:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLStatistics" ); data/unixodbc-2.3.6/DriverManager/__info.c:1569:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQLTablePrivileges" ); data/unixodbc-2.3.6/DriverManager/__info.c:1573:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLTables" ); data/unixodbc-2.3.6/DriverManager/__info.c:1577:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLTransact" ); data/unixodbc-2.3.6/DriverManager/__info.c:1581:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQLGetDiagRec" ); data/unixodbc-2.3.6/DriverManager/__info.c:1585:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:1600:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_AUTO_UNIQUE_VALUE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1604:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_BASE_COLUMN_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1608:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_BASE_TABLE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1612:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_CASE_SENSITIVE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1616:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_CATALOG_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1620:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_CONCISE_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1624:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_DISPLAY_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1628:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_FIXED_PREC_SCALE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1632:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LABEL" ); data/unixodbc-2.3.6/DriverManager/__info.c:1636:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_COLUMN_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1640:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LENGTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:1644:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_COLUMN_LENGTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:1648:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LITERAL_PREFIX" ); data/unixodbc-2.3.6/DriverManager/__info.c:1652:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LITERAL_SUFFIX" ); data/unixodbc-2.3.6/DriverManager/__info.c:1656:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LOCAL_TYPE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1660:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1664:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_NULLABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1668:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_COLUMN_NULLABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1672:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_NUM_PREC_RADIX" ); data/unixodbc-2.3.6/DriverManager/__info.c:1676:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_OCTET_LENGTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:1680:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_PRECISION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1684:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_COLUMN_PRECISION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1688:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_SCALE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1692:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_COLUMN_SCALE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1696:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_SCHEMA_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1700:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_SEARCHABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1704:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_TABLE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1708:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1712:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_TYPE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1716:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_UNNAMED" ); data/unixodbc-2.3.6/DriverManager/__info.c:1720:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_UNSIGNED" ); data/unixodbc-2.3.6/DriverManager/__info.c:1724:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_UPDATABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1728:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:1743:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CONNECTION_POOLING" ); data/unixodbc-2.3.6/DriverManager/__info.c:1747:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CP_MATCH" ); data/unixodbc-2.3.6/DriverManager/__info.c:1751:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ODBC_VERSION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1755:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_OUTPUT_NTS" ); data/unixodbc-2.3.6/DriverManager/__info.c:1759:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:1774:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ACCESS_MODE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1778:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ASYNC_ENABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1782:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_AUTO_IPD" ); data/unixodbc-2.3.6/DriverManager/__info.c:1786:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_AUTOCOMMIT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1790:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CONNECTION_TIMEOUT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1794:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CURRENT_CATALOG" ); data/unixodbc-2.3.6/DriverManager/__info.c:1798:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_LOGIN_TIMEOUT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1802:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_METADATA_ID" ); data/unixodbc-2.3.6/DriverManager/__info.c:1806:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ODBC_CURSORS" ); data/unixodbc-2.3.6/DriverManager/__info.c:1810:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_PACKET_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1814:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_QUIET_MODE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1818:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_TRACE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1822:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_TRACEFILE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1826:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_TRANSLATE_LIB" ); data/unixodbc-2.3.6/DriverManager/__info.c:1830:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_TRANSLATE_OPTION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1834:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_TXN_ISOLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1838:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:1853:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_CURSOR_ROW_COUNT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1857:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_DYNAMIC_FUNCTION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1861:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_DYNAMIC_FUNCTION_CODE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1865:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DIAG_NUMBER" ); data/unixodbc-2.3.6/DriverManager/__info.c:1869:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_RETURNCODE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1873:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_ROW_COUNT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1877:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_CLASS_ORIGIN" ); data/unixodbc-2.3.6/DriverManager/__info.c:1881:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_COLUMN_NUMBER" ); data/unixodbc-2.3.6/DriverManager/__info.c:1885:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_CONNECTION_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1889:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_MESSAGE_TEXT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1893:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DIAG_NATIVE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1897:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_ROW_NUMBER" ); data/unixodbc-2.3.6/DriverManager/__info.c:1901:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_SERVER_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1905:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_SQLSTATE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1909:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DIAG_SUBCLASS_ORIGIN" ); data/unixodbc-2.3.6/DriverManager/__info.c:1913:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:1928:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_ALLOC_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1932:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_ARRAY_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1936:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_ARRAY_STATUS_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1940:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_BIND_OFFSET_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1944:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_BIND_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1948:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_COUNT" ); data/unixodbc-2.3.6/DriverManager/__info.c:1952:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_ROWS_PROCESSED_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1956:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_AUTO_UNIQUE_VALUE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1960:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_BASE_COLUMN_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1964:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_BASE_TABLE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1968:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_CASE_SENSITIVE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1972:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_CATALOG_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:1976:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_CONCISE_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1980:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_DATA_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:1984:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_DATETIME_INTERVAL_CODE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1988:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_DATETIME_INTERVAL_PRECISION" ); data/unixodbc-2.3.6/DriverManager/__info.c:1992:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_DISPLAY_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:1996:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_FIXED_PREC_SCALE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2000:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_INDICATOR_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2004:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LABEL" ); data/unixodbc-2.3.6/DriverManager/__info.c:2008:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LENGTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:2012:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LITERAL_PREFIX" ); data/unixodbc-2.3.6/DriverManager/__info.c:2016:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_LITERAL_SUFFIX" ); data/unixodbc-2.3.6/DriverManager/__info.c:2020:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_LOCAL_TYPE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2024:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2028:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_NULLABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2032:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_NUM_PREC_RADIX" ); data/unixodbc-2.3.6/DriverManager/__info.c:2036:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_OCTET_LENGTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:2040:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_OCTET_LENGTH_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2044:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_PARAMETER_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2048:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_PRECISION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2052:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_SCALE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2056:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_SCHEMA_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2060:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_SEARCHABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2064:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_TABLE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2068:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2072:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DESC_TYPE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2076:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_UNNAMED" ); data/unixodbc-2.3.6/DriverManager/__info.c:2080:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_UNSIGNED" ); data/unixodbc-2.3.6/DriverManager/__info.c:2084:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESC_UPDATABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2088:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:2103:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_APP_PARAM_DESC" ); data/unixodbc-2.3.6/DriverManager/__info.c:2107:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_APP_ROW_DESC" ); data/unixodbc-2.3.6/DriverManager/__info.c:2111:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_ASYNC_ENABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2115:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CONCURRENCY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2119:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CURSOR_SCROLLABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2123:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CURSOR_SENSITIVITY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2127:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_CURSOR_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2131:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ENABLE_AUTO_IPD" ); data/unixodbc-2.3.6/DriverManager/__info.c:2135:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_FETCH_BOOKMARK_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2139:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_IMP_PARAM_DESC" ); data/unixodbc-2.3.6/DriverManager/__info.c:2143:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_IMP_ROW_DESC" ); data/unixodbc-2.3.6/DriverManager/__info.c:2147:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_KEYSET_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2151:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_MAX_LENGTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:2155:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_MAX_ROWS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2159:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_METADATA_ID" ); data/unixodbc-2.3.6/DriverManager/__info.c:2163:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_NOSCAN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2167:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_PARAM_BIND_OFFSET_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2171:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_PARAM_BIND_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2175:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_PARAM_OPERATION_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2179:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_PARAM_STATUS_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2183:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_PARAMS_PROCESSED_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2187:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_PARAMSET_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2191:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_QUERY_TIMEOUT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2195:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_RETRIEVE_DATA" ); data/unixodbc-2.3.6/DriverManager/__info.c:2199:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ROWSET_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2203:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ROW_ARRAY_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2207:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ROW_BIND_OFFSET_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2211:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ROW_BIND_TYPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2215:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ROW_NUMBER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2219:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ROW_OPERATION_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2223:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ATTR_ROW_STATUS_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2227:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_ROWS_FETCHED_PTR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2231:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_SIMULATE_CURSOR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2235:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ATTR_USE_BOOKMARKS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2239:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:2254:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ACCESSIBLE_PROCEDURES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2258:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ACCESSIBLE_TABLES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2262:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ACTIVE_ENVIRONMENTS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2266:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_AGGREGATE_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2270:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ALTER_DOMAIN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2274:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ALTER_TABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2278:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ASYNC_MODE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2282:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_BATCH_ROW_COUNT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2286:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_BATCH_SUPPORT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2290:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_BOOKMARK_PERSISTENCE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2294:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CATALOG_LOCATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2298:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CATALOG_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2302:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CATALOG_NAME_SEPARATOR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2306:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CATALOG_TERM" ); data/unixodbc-2.3.6/DriverManager/__info.c:2310:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CATALOG_USAGE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2314:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_COLLATION_SEQ" ); data/unixodbc-2.3.6/DriverManager/__info.c:2318:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_COLUMN_ALIAS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2322:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONCAT_NULL_BEHAVIOR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2326:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_BIGINT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2330:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_BINARY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2334:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_BIT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2338:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_CHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2342:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_DATE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2346:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_CONVERT_DECIMAL" ); data/unixodbc-2.3.6/DriverManager/__info.c:2350:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_DOUBLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2354:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_FLOAT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2358:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_INTEGER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2362:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_INTERVAL_YEAR_MONTH" ); data/unixodbc-2.3.6/DriverManager/__info.c:2366:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_INTERVAL_DAY_TIME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2370:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_LONGVARBINARY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2374:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_CONVERT_LONGVARCHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2378:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_NUMERIC" ); data/unixodbc-2.3.6/DriverManager/__info.c:2382:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_REAL" ); data/unixodbc-2.3.6/DriverManager/__info.c:2386:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_SMALLINT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2390:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_TIME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2394:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_TIMESTAMP" ); data/unixodbc-2.3.6/DriverManager/__info.c:2398:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_TINYINT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2402:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_CONVERT_VARBINARY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2406:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_VARCHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2410:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CONVERT_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2414:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CORRELATION_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2418:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_ASSERTION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2422:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_CHARACTER_SET" ); data/unixodbc-2.3.6/DriverManager/__info.c:2426:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_COLLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2430:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_CREATE_DOMAIN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2434:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_SCHEMA" ); data/unixodbc-2.3.6/DriverManager/__info.c:2438:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_TABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2442:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_TRANSLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2446:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CREATE_VIEW" ); data/unixodbc-2.3.6/DriverManager/__info.c:2450:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CURSOR_COMMIT_BEHAVIOR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2454:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_CURSOR_ROLLBACK_BEHAVIOR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2458:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_CURSOR_SENSITIVITY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2462:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DATA_SOURCE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2466:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DATA_SOURCE_READ_ONLY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2470:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DATABASE_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2474:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DATETIME_LITERALS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2478:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DBMS_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2482:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DBMS_VER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2486:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DDL_INDEX" ); data/unixodbc-2.3.6/DriverManager/__info.c:2490:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DEFAULT_TXN_ISOLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2494:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DESCRIBE_PARAMETER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2498:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DRIVER_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2502:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DRIVER_HLIB" ); data/unixodbc-2.3.6/DriverManager/__info.c:2506:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DRIVER_HSTMT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2510:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DRIVER_ODBC_VER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2514:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_DRIVER_VER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2518:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ODBC_VER" ); data/unixodbc-2.3.6/DriverManager/__info.c:2522:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_ASSERTION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2526:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_CHARACTER_SET" ); data/unixodbc-2.3.6/DriverManager/__info.c:2530:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_COLLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2534:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_DOMAIN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2538:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_SCHEMA" ); data/unixodbc-2.3.6/DriverManager/__info.c:2542:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_TABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2546:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_TRANSLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2550:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DROP_VIEW" ); data/unixodbc-2.3.6/DriverManager/__info.c:2554:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DYNAMIC_CURSOR_ATTRIBUTES1" ); data/unixodbc-2.3.6/DriverManager/__info.c:2558:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_EXPRESSIONS_IN_ORDERBY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2562:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_EXPRESSIONS_IN_ORDERBY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2566:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_FILE_USAGE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2570:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES1" ); data/unixodbc-2.3.6/DriverManager/__info.c:2574:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_FORWARD_ONLY_CURSOR_ATTRIBUTES2" ); data/unixodbc-2.3.6/DriverManager/__info.c:2578:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_GETDATA_EXTENSIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2582:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_GROUP_BY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2586:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_IDENTIFIER_CASE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2590:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_IDENTIFIER_QUOTE_CHAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2594:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INDEX_KEYWORDS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2598:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INFO_SCHEMA_VIEWS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2602:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_INSERT_STATEMENT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2606:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_INTEGRITY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2610:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_KEYSET_CURSOR_ATTRIBUTES1" ); data/unixodbc-2.3.6/DriverManager/__info.c:2614:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_KEYSET_CURSOR_ATTRIBUTES2" ); data/unixodbc-2.3.6/DriverManager/__info.c:2618:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_KEYWORDS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2622:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_LIKE_ESCAPE_CLAUSE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2626:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_ASYNC_CONCURRENT_STATEMENTS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2630:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_MAX_BINARY_LITERAL_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2634:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_CATALOG_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2638:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_CHAR_LITERAL_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2642:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_COLUMN_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2646:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_COLUMNS_IN_GROUP_BY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2650:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_COLUMNS_IN_INDEX" ); data/unixodbc-2.3.6/DriverManager/__info.c:2654:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_COLUMNS_IN_SELECT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2658:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_MAX_COLUMNS_IN_ORDER_BY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2662:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_COLUMNS_IN_TABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2666:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_CONCURRENT_ACTIVITIES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2670:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_CURSOR_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2674:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_DRIVER_CONNECTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2678:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_IDENTIFIER_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2682:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_INDEX_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2686:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_MAX_PROCEDURE_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2690:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_ROW_SIZE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2694:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_ROW_SIZE_INCLUDES_LONG" ); data/unixodbc-2.3.6/DriverManager/__info.c:2698:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_SCHEMA_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2702:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_STATEMENT_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2706:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_TABLE_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2710:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MAX_TABLES_IN_SELECT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2714:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_MAX_USER_NAME_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2718:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MULT_RESULT_SETS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2722:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_MULTIPLE_ACTIVE_TXN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2726:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_NEED_LONG_DATA_LEN" ); data/unixodbc-2.3.6/DriverManager/__info.c:2730:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_NON_NULLABLE_COLUMNS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2734:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_NULL_COLLATION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2738:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_NUMERIC_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2742:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_ODBC_INTERFACE_CONFORMANCE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2746:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_OJ_CAPABILITIES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2750:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ORDER_BY_COLUMNS_IN_SELECT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2754:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_PARAM_ARRAY_ROW_COUNTS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2758:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_PARAM_ARRAY_SELECTS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2762:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_PROCEDURE_TERM" ); data/unixodbc-2.3.6/DriverManager/__info.c:2766:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_PROCEDURES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2770:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_QUOTED_IDENTIFIER_CASE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2774:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ROW_UPDATES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2778:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SCHEMA_TERM" ); data/unixodbc-2.3.6/DriverManager/__info.c:2782:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SCHEMA_USAGE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2786:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SCROLL_OPTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2790:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SEARCH_PATTERN_ESCAPE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2794:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SERVER_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2798:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_SPECIAL_CHARACTERS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2802:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL_CONFORMANCE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2806:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_DATETIME_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2810:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_FOREIGN_KEY_DELETE_RULE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2814:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_FOREIGN_KEY_UPDATE_RULE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2818:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_GRANT" ); data/unixodbc-2.3.6/DriverManager/__info.c:2822:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_NUMERIC_VALUE_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2826:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_SQL92_PREDICATES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2830:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_RELATIONAL_JOIN_OPERATORS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2834:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_REVOKE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2838:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_ROW_VALUE_CONSTRUCTOR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2842:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_STRING_EXPRESSIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2846:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SQL92_VALUE_EXPRESSIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2850:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_STANDARD_CLI_CONFORMANCE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2854:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_STATIC_CURSOR_ATTRIBUTES1" ); data/unixodbc-2.3.6/DriverManager/__info.c:2858:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_STATIC_CURSOR_ATTRIBUTES2" ); data/unixodbc-2.3.6/DriverManager/__info.c:2862:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_STRING_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2866:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SUBQUERIES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2870:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SYSTEM_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2874:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TABLE_TERM" ); data/unixodbc-2.3.6/DriverManager/__info.c:2878:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TIMEDATE_ADD_INTERVALS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2882:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_TIMEDATE_DIFF_INTERVALS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2886:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TIMEDATE_FUNCTIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2890:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TXN_CAPABLE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2894:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_TXN_ISOLATION_OPTION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2898:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_UNION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2902:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_USER_NAME" ); data/unixodbc-2.3.6/DriverManager/__info.c:2906:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_XOPEN_CLI_YEAR" ); data/unixodbc-2.3.6/DriverManager/__info.c:2910:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_FETCH_DIRECTION" ); data/unixodbc-2.3.6/DriverManager/__info.c:2914:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_LOCK_TYPES" ); data/unixodbc-2.3.6/DriverManager/__info.c:2918:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ODBC_API_CONFORMANCE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2922:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_ODBC_SQL_CONFORMANCE" ); data/unixodbc-2.3.6/DriverManager/__info.c:2926:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_POS_OPERATIONS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2930:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_POSITIONED_STATEMENTS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2934:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_SCROLL_CONCURRENCY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2938:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) s, "SQL_STATIC_SENSITIVITY" ); data/unixodbc-2.3.6/DriverManager/__info.c:2942:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_OUTER_JOINS" ); data/unixodbc-2.3.6/DriverManager/__info.c:2946:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "SQL_DRIVER_AWARE_POOLING_SUPPORTED" ); data/unixodbc-2.3.6/DriverManager/__info.c:2950:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) s, "%d", (int)type ); data/unixodbc-2.3.6/DriverManager/__info.c:2962:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ver2[6]; data/unixodbc-2.3.6/DriverManager/__info.c:2963:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ver3[6]; data/unixodbc-2.3.6/DriverManager/__info.c:3114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state[ 6 ]; data/unixodbc-2.3.6/DriverManager/__info.c:3129:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *) str, "%d", getpid()); data/unixodbc-2.3.6/DriverManager/__info.c:3143:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) ostr, "[NULL]" ); data/unixodbc-2.3.6/DriverManager/__info.c:3149:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) ostr, "[%.*s...][length = %ld (SQL_NTS)]", data/unixodbc-2.3.6/DriverManager/__info.c:3162:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) ostr, "[%.*s][length = %d]", (int)len, instr, (int)len ); data/unixodbc-2.3.6/DriverManager/__info.c:3164:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) ostr, "[%.*s...][length = %d]", LOG_MESSAGE_LEN, instr, (int)len ); data/unixodbc-2.3.6/DriverManager/__info.c:3173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[ LOG_MESSAGE_LEN ]; data/unixodbc-2.3.6/DriverManager/__info.c:3177:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf((char*) ostr, "[NULL]" ); data/unixodbc-2.3.6/DriverManager/__info.c:3191:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat((char*) ostr, "...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:3193:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tmp, "[length = %d (SQL_NTS)]", i ); data/unixodbc-2.3.6/DriverManager/__info.c:3208:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat((char*) ostr, "...]" ); data/unixodbc-2.3.6/DriverManager/__info.c:3210:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( tmp, "[length = %d]", (int)len ); data/unixodbc-2.3.6/DriverManager/__info.c:3612:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*) buffer, "UNKNOWN(%d)", ret ); data/unixodbc-2.3.6/DriverManager/__info.c:5359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sqlstate[ 6 ]; data/unixodbc-2.3.6/DriverManager/__info.c:5371:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "01000" ); data/unixodbc-2.3.6/DriverManager/__info.c:5376:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "01004" ); data/unixodbc-2.3.6/DriverManager/__info.c:5381:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "01S02" ); data/unixodbc-2.3.6/DriverManager/__info.c:5387:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "01S06" ); data/unixodbc-2.3.6/DriverManager/__info.c:5393:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "07005" ); data/unixodbc-2.3.6/DriverManager/__info.c:5404:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( sqlstate, "07009" ); data/unixodbc-2.3.6/DriverManager/__info.c:5406:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "S1093" ); data/unixodbc-2.3.6/DriverManager/__info.c:5412:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "07009" ); data/unixodbc-2.3.6/DriverManager/__info.c:5414:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "S1002" ); data/unixodbc-2.3.6/DriverManager/__info.c:5421:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "08002" ); data/unixodbc-2.3.6/DriverManager/__info.c:5426:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( sqlstate, "08003" ); data/unixodbc-2.3.6/DriverManager/__info.c:5431:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy( sqlstate, "24000" );

data/unixodbc-2.3.6/DriverManager/__info.c:5437:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "25000" );

data/unixodbc-2.3.6/DriverManager/__info.c:5442:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "25S01" );

data/unixodbc-2.3.6/DriverManager/__info.c:5448:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1000" );

data/unixodbc-2.3.6/DriverManager/__info.c:5453:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1003" );

data/unixodbc-2.3.6/DriverManager/__info.c:5458:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1010" );

data/unixodbc-2.3.6/DriverManager/__info.c:5463:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1011" );

data/unixodbc-2.3.6/DriverManager/__info.c:5468:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1107" );

data/unixodbc-2.3.6/DriverManager/__info.c:5473:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1108" );

data/unixodbc-2.3.6/DriverManager/__info.c:5478:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1C00" );

data/unixodbc-2.3.6/DriverManager/__info.c:5483:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY001" );

data/unixodbc-2.3.6/DriverManager/__info.c:5485:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1011" );

data/unixodbc-2.3.6/DriverManager/__info.c:5492:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY003" );

data/unixodbc-2.3.6/DriverManager/__info.c:5499:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1003" );

data/unixodbc-2.3.6/DriverManager/__info.c:5506:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY004" );

data/unixodbc-2.3.6/DriverManager/__info.c:5508:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1004" );

data/unixodbc-2.3.6/DriverManager/__info.c:5514:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY007" );

data/unixodbc-2.3.6/DriverManager/__info.c:5516:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1007" );

data/unixodbc-2.3.6/DriverManager/__info.c:5522:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY009" );

data/unixodbc-2.3.6/DriverManager/__info.c:5524:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1009" );

data/unixodbc-2.3.6/DriverManager/__info.c:5530:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY010" );

data/unixodbc-2.3.6/DriverManager/__info.c:5532:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1010" );

data/unixodbc-2.3.6/DriverManager/__info.c:5538:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY011" );

data/unixodbc-2.3.6/DriverManager/__info.c:5540:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1011" );

data/unixodbc-2.3.6/DriverManager/__info.c:5546:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY012" );

data/unixodbc-2.3.6/DriverManager/__info.c:5548:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1012" );

data/unixodbc-2.3.6/DriverManager/__info.c:5554:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY013" );

data/unixodbc-2.3.6/DriverManager/__info.c:5556:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1013" );

data/unixodbc-2.3.6/DriverManager/__info.c:5561:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY017" );

data/unixodbc-2.3.6/DriverManager/__info.c:5567:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY024" );

data/unixodbc-2.3.6/DriverManager/__info.c:5569:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1009" );

data/unixodbc-2.3.6/DriverManager/__info.c:5575:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY090" );

data/unixodbc-2.3.6/DriverManager/__info.c:5577:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1090" );

data/unixodbc-2.3.6/DriverManager/__info.c:5583:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY092" );

data/unixodbc-2.3.6/DriverManager/__info.c:5585:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1092" );

data/unixodbc-2.3.6/DriverManager/__info.c:5591:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY095" );

data/unixodbc-2.3.6/DriverManager/__info.c:5593:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1095" );

data/unixodbc-2.3.6/DriverManager/__info.c:5599:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY097" );

data/unixodbc-2.3.6/DriverManager/__info.c:5601:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1097" );

data/unixodbc-2.3.6/DriverManager/__info.c:5607:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY098" );

data/unixodbc-2.3.6/DriverManager/__info.c:5609:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1098" );

data/unixodbc-2.3.6/DriverManager/__info.c:5615:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY099" );

data/unixodbc-2.3.6/DriverManager/__info.c:5617:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1099" );

data/unixodbc-2.3.6/DriverManager/__info.c:5623:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY100" );

data/unixodbc-2.3.6/DriverManager/__info.c:5625:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1100" );

data/unixodbc-2.3.6/DriverManager/__info.c:5631:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY101" );

data/unixodbc-2.3.6/DriverManager/__info.c:5633:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1101" );

data/unixodbc-2.3.6/DriverManager/__info.c:5639:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY103" );

data/unixodbc-2.3.6/DriverManager/__info.c:5641:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1103" );

data/unixodbc-2.3.6/DriverManager/__info.c:5647:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY105" );

data/unixodbc-2.3.6/DriverManager/__info.c:5649:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1105" );

data/unixodbc-2.3.6/DriverManager/__info.c:5655:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY106" );

data/unixodbc-2.3.6/DriverManager/__info.c:5657:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1106" );

data/unixodbc-2.3.6/DriverManager/__info.c:5663:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY110" );

data/unixodbc-2.3.6/DriverManager/__info.c:5665:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1110" );

data/unixodbc-2.3.6/DriverManager/__info.c:5671:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY111" );

data/unixodbc-2.3.6/DriverManager/__info.c:5673:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1111" );

data/unixodbc-2.3.6/DriverManager/__info.c:5679:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HYC00" );

data/unixodbc-2.3.6/DriverManager/__info.c:5681:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1C00" );

data/unixodbc-2.3.6/DriverManager/__info.c:5686:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM001" );

data/unixodbc-2.3.6/DriverManager/__info.c:5693:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM002" );

data/unixodbc-2.3.6/DriverManager/__info.c:5700:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM003" );

data/unixodbc-2.3.6/DriverManager/__info.c:5707:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM004" );

data/unixodbc-2.3.6/DriverManager/__info.c:5714:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM005" );

data/unixodbc-2.3.6/DriverManager/__info.c:5721:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM010" );

data/unixodbc-2.3.6/DriverManager/__info.c:5728:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM011" );

data/unixodbc-2.3.6/DriverManager/__info.c:5735:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "IM012" );

data/unixodbc-2.3.6/DriverManager/__info.c:5742:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "SL004" );

data/unixodbc-2.3.6/DriverManager/__info.c:5749:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "SL009" );

data/unixodbc-2.3.6/DriverManager/__info.c:5756:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "SL010" );

data/unixodbc-2.3.6/DriverManager/__info.c:5763:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "SL008" );

data/unixodbc-2.3.6/DriverManager/__info.c:5771:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "HY000" );

data/unixodbc-2.3.6/DriverManager/__info.c:5773:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "S1000" );

data/unixodbc-2.3.6/DriverManager/__info.c:5778:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( sqlstate, "?????" );

data/unixodbc-2.3.6/DriverManager/__info.c:5824:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tmp[ 24 ];

data/unixodbc-2.3.6/DriverManager/__info.c:5831:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char file_name[ 256 ], str[ 20 ];

data/unixodbc-2.3.6/DriverManager/__info.c:5835:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( file_name, "/tmp/sql.log" );

data/unixodbc-2.3.6/DriverManager/__info.c:5862:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tstamp_str[ 128 ];

data/unixodbc-2.3.6/DriverManager/__info.c:5871:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tstamp_str, "[%ld.%06ld]", tv.tv_sec, tv.tv_usec );

data/unixodbc-2.3.6/DriverManager/__info.c:5879:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tstamp_str, "[%ld.%03d]", tp.time, tp.millitm );

data/unixodbc-2.3.6/DriverManager/__info.c:5886:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( tstamp_str, "[%ld]", tv );

data/unixodbc-2.3.6/DriverManager/__info.c:5918:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char file_name[ 256 ], str[ 20 ];

data/unixodbc-2.3.6/DriverManager/__info.c:5922:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy( file_name, "/tmp/sql.log" );

data/unixodbc-2.3.6/DriverManager/__stats.c:147:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char errmsg[512]="";

data/unixodbc-2.3.6/DriverManager/__stats.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char odbcini[1024];

data/unixodbc-2.3.6/DriverManager/__stats.c:175:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(lh.id, UODBC_STATS_ID, 5);

data/unixodbc-2.3.6/DriverManager/__stats.c:283:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(h, &lh, sizeof(uodbc_stats_handle_t));

data/unixodbc-2.3.6/DriverManager/__stats.c:466:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buf, errmsg, buflen - 1);

data/unixodbc-2.3.6/DriverManager/__stats.c:579:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(s[cur_stat].name, "PID");

data/unixodbc-2.3.6/DriverManager/__stats.c:588:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(s[cur_stat].name, "Environments");

data/unixodbc-2.3.6/DriverManager/__stats.c:593:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(s[cur_stat].name, "Connections");

data/unixodbc-2.3.6/DriverManager/__stats.c:598:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Risk is low because the source is a constant string.
strcpy(s[cur_stat].name, "Statements");

data/unixodbc-2.3.6/DriverManager/__stats.c:603:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(s[cur_stat].name, "Descriptors");

data/unixodbc-2.3.6/DriverManager/__stats.c:708:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buf, notbuilt, buflen - 1);

data/unixodbc-2.3.6/DriverManager/__stats.h:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char id[5]; /* identifier */

data/unixodbc-2.3.6/DriverManager/drivermanager.h:276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char msg[ LOG_MSG_MAX ]; /* buff to format msgs */

data/unixodbc-2.3.6/DriverManager/drivermanager.h:306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char msg[ LOG_MSG_MAX ]; /* buff to format msgs */

data/unixodbc-2.3.6/DriverManager/drivermanager.h:316:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dl_name[ 256 ]; /* name of loaded lib */

data/unixodbc-2.3.6/DriverManager/drivermanager.h:329:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dsn[ SQL_MAX_DSN_LENGTH + 1 ]; /* where we are connected */

data/unixodbc-2.3.6/DriverManager/drivermanager.h:354:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tracefile[ INI_MAX_PROPERTY_VALUE + 1 ];

data/unixodbc-2.3.6/DriverManager/drivermanager.h:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char driver_connect_string[ 1024 ];

data/unixodbc-2.3.6/DriverManager/drivermanager.h:374:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char server[ 128 ];

data/unixodbc-2.3.6/DriverManager/drivermanager.h:376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char user[ 128 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[ 128 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cli_year[ 5 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:388:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unicode_string[ 64 ]; /* name of unicode conversion */ data/unixodbc-2.3.6/DriverManager/drivermanager.h:391:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char probe_sql[ 512 ]; /* SQL to use to check a pool is valid */ data/unixodbc-2.3.6/DriverManager/drivermanager.h:400:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char driver_connect_string[ 1024 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:402:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server[ 128 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:404:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[ 128 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[ 128 ]; data/unixodbc-2.3.6/DriverManager/drivermanager.h:421:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[ LOG_MSG_MAX ]; /* buff to format msgs */ data/unixodbc-2.3.6/DriverManager/drivermanager.h:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[ LOG_MSG_MAX ]; /* buff to format msgs */ data/unixodbc-2.3.6/Drivers/MiniSQL/SQLBindCol.c:38:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt=$%08lX nCol=%5d", hStmt, nCol ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLBindParameter.c:34:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt=$%08lX nParameterNumber=%d nIOType=%d nBufferType=%d nParamType=%d nParamLength=%d nScale=%d pData=$%08lX nBufferLength=%d *pnLengthOrIndicator=$%08lX",hStmt,nParameterNumber,nIOType,nBufferType,nParamType,nParamLength,nScale,pData,nBufferLength, *pnLengthOrIndicator ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLBrowseConnect.c:30:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLBulkOperations.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLBulkOperations.c:40:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR Unknown nOperation=%d", nOperation ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLCancel.c:24:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLCloseCursor.c:24:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:157:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "Invalid nFieldIdentifier value of %d", nFieldIdentifier ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttributes.c:30:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttributes.c:69:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR nDescType=%d", nDescType ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColumnPrivileges.c:32:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColumns.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer[101]; data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColumns.c:97:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColumns.c:193:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( szBuffer, "%d", pField->length ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDATABASE[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCONFIGFILE[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szHOST[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:90:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( szHOST, "localhost" ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDescribeCol.c:33:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDescribeParam.c:37:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDisconnect.c:24:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDriverConnect.c:32:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDriverConnect.c:55:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "Invalid nDriverCompletion=%d", nDriverCompletion ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szMsgHdr[1024]; data/unixodbc-2.3.6/Drivers/MiniSQL/SQLExecDirect.c:27:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLExtendedFetch.c:28:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLFetch.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLFetch.c:61:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR Failed to get data for column %d", nColumn ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLFetchScroll.c:28:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLFetchScroll.c:89:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR Failed to get data for column %d", nColumn ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLForeignKeys.c:36:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetConnectAttr.c:30:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetConnectOption.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetCursorName.c:29:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetInfo.c:30:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( pInfoValue, "mSQL"); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetStmtAttr.c:29:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetStmtOption.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetTypeInfo.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLMoreResults.c:24:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLNativeSql.c:29:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLNumParams.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLNumResultCols.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLParamData.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLParamOptions.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLPrimaryKeys.c:30:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLProcedureColumns.c:33:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLProcedures.c:31:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLPutData.c:29:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLRowCount.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetCursorName.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetParam.c:31:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetPos.c:27:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetPos.c:43:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hStmt->szSqlMsg, "SQL_ERROR Invalid nOperation=%d", nOperation ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetPos.c:57:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR Invalid nLockType=%d", nLockType ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetScrollOptions.c:27:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetStmtAttr.c:28:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetStmtOption.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSpecialColumns.c:66:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLStatistics.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer[101]; data/unixodbc-2.3.6/Drivers/MiniSQL/SQLStatistics.c:79:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLTablePrivileges.c:30:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLTables.c:59:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLTables.c:125:99: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (hStmt->hStmtExtras->aResults)[hStmt->hStmtExtras->nRow*hStmt->hStmtExtras->nCols+nColumn] = (char *)strdup( rowResult[0] ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLTransact.c:27:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hEnv->szSqlMsg, "hEnv = $%08lX", hEnv ); data/unixodbc-2.3.6/Drivers/MiniSQL/SQLTransact.c:38:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hEnv->szSqlMsg, "SQL_ERROR Invalid nType=%d", nType ); data/unixodbc-2.3.6/Drivers/MiniSQL/_AllocConnect.c:28:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hEnv->szSqlMsg, "hEnv = $%08lX phDbc = $%08lX", hEnv, phDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/_AllocStmt.c:29:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/_AllocStmt.c:49:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "*phstmt = $%08lX", *phStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/_AllocStmt.c:59:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( (*phStmt)->szCursorName, "CUR_%08lX", *phStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/_Execute.c:31:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/_Execute.c:103:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (hStmt->hStmtExtras->aResults)[nRow*nCols+nColumn] = (char *)strdup( rowResult[nColumn-1] ); data/unixodbc-2.3.6/Drivers/MiniSQL/_GetData.c:75:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hStmt->szSqlMsg, "SQL_ERROR Unknown target type %d", nTargetType ); data/unixodbc-2.3.6/Drivers/MiniSQL/_GetData.c:87:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((int *)pTarget) = atoi(pSourceData); data/unixodbc-2.3.6/Drivers/MiniSQL/_GetData.c:105:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR Unknown target type %d", nTargetType ); data/unixodbc-2.3.6/Drivers/MiniSQL/_NativeToSQLColumnHeader.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer[501]; data/unixodbc-2.3.6/Drivers/MiniSQL/_Prepare.c:26:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/_sqlFreeConnect.c:28:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hDbc->szSqlMsg, "hDbc = $%08lX", hDbc ); data/unixodbc-2.3.6/Drivers/MiniSQL/_sqlFreeEnv.c:27:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf( hEnv->szSqlMsg, "hEnv = $%08lX", hEnv ); data/unixodbc-2.3.6/Drivers/MiniSQL/_sqlFreeStmt.c:25:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "hStmt = $%08lX", hStmt ); data/unixodbc-2.3.6/Drivers/MiniSQL/_sqlFreeStmt.c:46:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( hStmt->szSqlMsg, "SQL_ERROR Invalid nOption=%d", nOption ); data/unixodbc-2.3.6/Drivers/Postgre7.1/columninfo.c:63:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_field_name[MAX_MESSAGE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:457:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). self->translation_option = atoi (self->connInfo.translation_option); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuffer[ERROR_MSG_LENGTH]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[5], notice[512]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:586:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). SOCK_connect_to(sock, (short) atoi(ci->port), ci->server, ci->uds); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:763:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(salt_para, salt, sizeof(salt)); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:908:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msg[4096]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:993:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msgbuffer[MAX_MESSAGE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:994:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cmdbuffer[MAX_MESSAGE_LEN+1]; /* QR_set_command() dups this string so dont need static */ data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1283:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msgbuffer[MAX_MESSAGE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1315:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SOCK_put_n_char(sock, (char *) args[i].u.ptr, args[i].len); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1589:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szVersion[32]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1625:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(szVersion, "0.0"); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1627:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szVersion, "%d.%d", major, minor); data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char database[SM_DATABASE]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[SM_USER]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[SM_OPTIONS]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused[SM_UNUSED]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tty[SM_TTY]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char database[PATH_SIZE]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[NAMEDATALEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[ARGV_SIZE]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char execfile[ARGV_SIZE]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tty[PATH_SIZE]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dsn[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char database[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char password[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_settings[LARGE_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char protocol[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uds[LARGE_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char onlyread[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fake_oid_index[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char show_oid_column[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char row_versioning[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char show_system_tables[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char translation_dll[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char translation_option[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:199:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (SERVER_VERSION_GT(conn, (int) ver, atoi(STRING_AFTER_DOT(ver)))) data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:201:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (SERVER_VERSION_GE(conn, (int) ver, atoi(STRING_AFTER_DOT(ver)))) data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:203:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (SERVER_VERSION_EQ(conn, (int) ver, atoi(STRING_AFTER_DOT(ver)))) data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_TABLE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pg_version[MAX_INFO_STRING]; /* Version of PostgreSQL we're connected to - DJP 25-1-2001 */ data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saved_locale[256]; data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:382:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rgbValueBindRow, "%.4d-%.2d-%.2d", st.y, st.m, st.d); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:388:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rgbValueBindRow, "%.2d:%.2d:%.2d", st.hh, st.mm, st.ss); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:397:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rgbValueBindRow, "%.4d-%.2d-%.2d %.2d:%.2d:%.2d", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:564:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(UCHAR *) ((char *) rgbValue + (bind_row * bind_size)) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:566:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((UCHAR *)rgbValue + bind_row) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:575:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(SCHAR *) ((char *) rgbValue + (bind_row * bind_size)) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:577:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((SCHAR *) rgbValue + bind_row) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:584:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*(UCHAR *) ((char *) rgbValue + (bind_row * bind_size)) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:586:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((UCHAR *) rgbValue + bind_row) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:626:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(SWORD *) ((char *) rgbValue + (bind_row * bind_size)) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:628:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((SWORD *)rgbValue + bind_row) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:635:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(UWORD *) ((char *) rgbValue + (bind_row * bind_size)) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:637:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((UWORD *)rgbValue + bind_row) = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:645:64: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(SDWORD *) ((char *) rgbValue + (bind_row * bind_size)) = atol(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:647:40: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *((SDWORD *)rgbValue + bind_row) = atol(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:654:64: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *(UDWORD *) ((char *) rgbValue + (bind_row * bind_size)) = atol(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:656:40: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*((UDWORD *)rgbValue + bind_row) = atol(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:672:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lv = atol( value ); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:717:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rgbValueBindRow, ptr, copy_len); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:757:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_string[1024], tmp[256]; data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:784:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(stmt->cursor_name, "SQL_CUR%p", stmt); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:821:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new_statement[npos], esc, strlen(esc)); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:860:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(&new_statement[npos], "NULL"); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:878:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(&new_statement[npos], "NULL"); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:944:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%g", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:956:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%g", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:966:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%ld", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:968:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%d", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:975:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%d", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:981:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(param_string, "%d", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:987:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%lu", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:989:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%u", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:995:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%u", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1000:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%u", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1007:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "%d", i ? 1 : 0); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1082:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "%.4d-%.2d-%.2d %.2d:%.2d:%.2d", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1099:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "'%.4d-%.2d-%.2d'", st.y, st.m, st.d); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1111:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "'%.2d:%.2d:%.2d'", st.hh, st.mm, st.ss); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1124:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp, "'%.4d-%.2d-%.2d %.2d:%.2d:%.2d'", data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1227:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_string, "'%d'", lobj_oid); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1256:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cbuf, "'::numeric"); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1321:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char escape[1024]; data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1322:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[33]; data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1599:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char x[6]; data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1646:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&out[o], "%%2B"); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1653:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&out[o], "%%%02x", (unsigned char) in[i]); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1673:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&out[o++], "%c", conv_from_hex((SQLCHAR*)&in[i])); data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1739:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). oid = atoi(value); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:233:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:249:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CheckDlgButton(hdlg, DS_READONLY, atoi(ci->onlyread)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:261:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CheckDlgButton(hdlg, DS_SHOWOIDCOLUMN, atoi(ci->show_oid_column)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:262:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CheckDlgButton(hdlg, DS_FAKEOIDINDEX, atoi(ci->fake_oid_index)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:263:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CheckDlgButton(hdlg, DS_ROWVERSIONING, atoi(ci->row_versioning)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:264:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
CheckDlgButton(hdlg, DS_SHOWSYSTEMTABLES, atoi(ci->show_system_tables)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:266:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). EnableWindow(GetDlgItem(hdlg, DS_FAKEOIDINDEX), atoi(ci->show_oid_column)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:287:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ci->onlyread, "%d", IsDlgButtonChecked(hdlg, DS_READONLY)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:297:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ci->show_system_tables, "%d", IsDlgButtonChecked(hdlg, DS_SHOWSYSTEMTABLES)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:299:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ci->row_versioning, "%d", IsDlgButtonChecked(hdlg, DS_ROWVERSIONING)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:302:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ci->fake_oid_index, "%d", IsDlgButtonChecked(hdlg, DS_FAKEOIDINDEX)); data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:303:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  sprintf(ci->show_oid_column, "%d", IsDlgButtonChecked(hdlg, DS_SHOWOIDCOLUMN));
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:326:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encoded_conn_settings[LARGE_REGISTRY_LEN];
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:414:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ci->onlyread, "%d", globals.onlyread);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:420:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ci->fake_oid_index, "%d", DEFAULT_FAKEOIDINDEX);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:423:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ci->show_oid_column, "%d", DEFAULT_SHOWOIDCOLUMN);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:426:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ci->show_system_tables, "%d", DEFAULT_SHOWSYSTEMTABLES);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:429:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ci->row_versioning, "%d", DEFAULT_ROWVERSIONING);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:437:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encoded_conn_settings[LARGE_REGISTRY_LEN];
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:550:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encoded_conn_settings[LARGE_REGISTRY_LEN];
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:631:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256];
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:638:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.fetch_max = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:651:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.socket_buffersize = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:660:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.debug = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:669:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.commlog = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:678:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.disable_optimizer = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:686:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.ksqo = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:694:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.unique_index = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:703:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.unknown_sizes = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:712:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.lie = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:720:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.parse = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:728:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.cancel_as_freestmt = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:738:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.use_declarefetch = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:747:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.max_varchar_size = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:755:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.max_longvarchar_size = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:763:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.text_as_longvarchar = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:771:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.unknowns_as_longvarchar = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:779:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.bools_as_char = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:806:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  globals.onlyread = atoi(temp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:830:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[128];
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:832:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.fetch_max);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:836:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.commlog);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:840:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.disable_optimizer);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:844:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.ksqo);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:848:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.unique_index);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:852:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.onlyread);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:856:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.use_declarefetch);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:860:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.unknown_sizes);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:864:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.text_as_longvarchar);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:868:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.unknowns_as_longvarchar);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:872:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.bools_as_char);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:876:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.parse);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:880:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.cancel_as_freestmt);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:884:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.max_varchar_size);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:888:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%d", globals.max_longvarchar_size);
data/unixodbc-2.3.6/Drivers/Postgre7.1/drvconn.c:85:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char connStrIn[MAX_CONNECT_STRING];
data/unixodbc-2.3.6/Drivers/Postgre7.1/drvconn.c:86:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char connStrOut[MAX_CONNECT_STRING];
data/unixodbc-2.3.6/Drivers/Postgre7.1/drvconn.c:88:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char salt[5];
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:99:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:121:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "01004");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:125:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "01000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:129:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "08S01");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:133:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S0001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:138:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1010");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:142:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:146:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1002");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:150:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:154:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:158:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:162:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1107");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:166:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1008");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:170:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1C00"); /* == 'driver not capable' */
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:173:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1092");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:176:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1093");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:179:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1002");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:182:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "07006");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:185:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "24000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:188:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "01S02");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:191:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "34000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:194:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1015");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:197:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1009");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:201:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1109");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:205:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "22003");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:209:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1011");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:214:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:223:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:242:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:262:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "01S02");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:266:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "01004");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:270:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "IM002");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:274:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "08001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:279:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "28000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:282:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:286:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:290:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "IM001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:293:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1009");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:297:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1010");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:302:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:306:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1C00");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:311:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "22003");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:315:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:323:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:339:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:359:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1001");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:362:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "S1000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:369:17: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:382:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char*)szSqlState, "00000");
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[32];
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:113:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. limlen = sprintf(buffer," LIMIT %d", self->options.maxRows); data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:730:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current_param->EXEC_buffer, rgbValue, cbValue); data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:785:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[old_pos], rgbValue, cbValue); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:958:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tables_query[STD_STATEMENT_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:959:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_name[MAX_INFO_STRING], table_owner[MAX_INFO_STRING], relkind_or_hasrules[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:962:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *prefix[32], prefixes[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:963:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *table_type[32], table_types[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:994:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tables_query, "select relname, usename, relkind from pg_class, pg_user"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:995:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tables_query, " where relkind in ('r', 'v')"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:998:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tables_query, "select relname, usename, relhasrules from pg_class, pg_user"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:999:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(tables_query, " where relkind = 'r'"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1052:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( ! atoi(ci->show_system_tables) && ! show_system_tables) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1058:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tables_query, "|^"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1069:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tables_query, " and relname !~ '^xinv[0-9]+'"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1071:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tables_query, " and usesysid = relowner"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1072:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(tables_query, " order by relname"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1139:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( ! atoi(ci->show_system_tables)) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1235:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char columns_query[STD_STATEMENT_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1237:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_owner[MAX_INFO_STRING], table_name[MAX_INFO_STRING], field_name[MAX_INFO_STRING], field_type_name[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1241:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char not_null[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1275:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(columns_query, " order by attnum"); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1431:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(ci->show_oid_column) || data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1563:52: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( relhasrules[0] != '1' && ! stmt->internal && atoi(ci->row_versioning)) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1642:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char columns_query[STD_STATEMENT_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1644:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char relhasrules[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1662:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(columns_query, "select c.relhasrules " data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1734:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(ci->row_versioning)) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1775:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char index_query[STD_STATEMENT_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1779:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char index_name[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1781:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char isunique[10], isclustered[10]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1787:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char column_name[MAX_INFO_STRING], relhasrules[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1793:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1969:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( relhasrules[0] != '1' && atoi(ci->show_oid_column) && atoi(ci->fake_oid_index)) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1969:61: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ( relhasrules[0] != '1' && atoi(ci->show_oid_column) && atoi(ci->fake_oid_index)) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2006:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (fUnique == SQL_INDEX_UNIQUE && atoi(isunique))) { data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2022:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). set_tuplefield_int2(&row->tuple[3], (Int2) (atoi(isunique) ? 
FALSE : TRUE)); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2031:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). set_tuplefield_int2(&row->tuple[6], (Int2) (atoi(isclustered) ? SQL_INDEX_CLUSTERED : SQL_INDEX_OTHER)); data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2137:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tables_query[STD_STATEMENT_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2138:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2140:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pktab[MAX_TABLE_LEN + 1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2316:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tables_query[STD_STATEMENT_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2317:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trig_deferrable[2]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2318:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trig_initdeferred[2]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2319:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trig_args[1024]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2320:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char upd_rule[MAX_TABLE_LEN], del_rule[MAX_TABLE_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2321:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pk_table_needed[MAX_TABLE_LEN + 1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2322:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fk_table_needed[MAX_TABLE_LEN + 1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2329:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkey[MAX_INFO_STRING]; data/unixodbc-2.3.6/Drivers/Postgre7.1/md5.c:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, b, sizeof(uint8) * len); data/unixodbc-2.3.6/Drivers/Postgre7.1/md5.c:339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crypt_buf + passwd_len, salt, salt_len); data/unixodbc-2.3.6/Drivers/Postgre7.1/md5.c:341:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "md5"); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filebuf[80]; data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:74:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). LOGFP = fopen(filebuf, PG_BINARY_W); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filebuf[80]; data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:102:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). LOGFP = fopen(filebuf, PG_BINARY_W); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:153:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, src_len); data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:157:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, dst_len-1); data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:220:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[64]; data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:224:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(option, "fOption=%d, vParam=%ld", fOption, (long)vParam); data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:229:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(option, "fOption=%d, vParam=%ld", fOption, (long)vParam); data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:367:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[64]; data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:369:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(option, "fOption=%d, vParam=%ld", fOption, vParam); data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:445:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[64]; data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:447:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(option, "fOption=%d", fOption); data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:604:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char option[64]; data/unixodbc-2.3.6/Drivers/Postgre7.1/options.c:606:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(option, "fOption=%d", fOption); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:188:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fi->type = atoi( QR_get_value_manual(col_info->result, k, 13)); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:189:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fi->precision = atoi( QR_get_value_manual(col_info->result, k, 6)); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:190:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fi->length = atoi( QR_get_value_manual(col_info->result, k, 7)); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:191:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fi->nullable = atoi( QR_get_value_manual(col_info->result, k, 10)); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:192:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fi->display_size = atoi( QR_get_value_manual(col_info->result, k, 12)); data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:220:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[256]; data/unixodbc-2.3.6/Drivers/Postgre7.1/psqlodbc.h:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra_systable_prefixes[MEDIUM_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/psqlodbc.h:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_settings[LARGE_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/psqlodbc.h:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char protocol[SMALL_REGISTRY_LEN]; data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:300:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:353:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char msgbuffer[MAX_MESSAGE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:354:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuffer[MAX_MESSAGE_LEN+1]; /* QR_set_command() dups this string so dont need static */ data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:355:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fetch[128]; data/unixodbc-2.3.6/Drivers/Postgre7.1/qresult.c:548:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bmp, bitmap[MAX_FIELDS]; /* Max. 
len of the bitmap */ data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:83:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *pcrow = atoi(ptr+1); data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:182:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[255]; data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:254:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Col#=%d, #Cols=%d", icol, QR_NumResultCols(res)); data/unixodbc-2.3.6/Drivers/Postgre7.1/socket.c:124:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sadr.sin_addr), host->h_addr, host->h_length); data/unixodbc-2.3.6/Drivers/Postgre7.1/socket.c:127:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sadr.sin_addr), (struct in_addr *) &iaddr, sizeof(iaddr)); data/unixodbc-2.3.6/Drivers/Postgre7.1/socket.c:296:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[4]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:533:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[4096]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:550:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, notice, len); data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:687:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:689:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld", SC_get_bookmark(self)); data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:827:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fetch[128]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[MAX_TABLE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alias[MAX_TABLE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dot[MAX_TABLE_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_COLUMN_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alias[MAX_COLUMN_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cursor_name[MAX_CURSOR_LEN+1]; data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.h:186:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stmt_with_params[STD_STATEMENT_LEN]; /* statement after parameter substitution */
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:42:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[10];
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:45:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer,"%d", value);
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:54:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[15];
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:56:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer,"%ld", (long)value);
data/unixodbc-2.3.6/Drivers/nn/SQLConnect.c:29:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/unixodbc-2.3.6/Drivers/nn/SQLDriverConnect.c:30:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/unixodbc-2.3.6/Drivers/nn/SQLError.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/unixodbc-2.3.6/Drivers/nn/connect.c:157:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf + i, "/odbc.ini");
data/unixodbc-2.3.6/Drivers/nn/connect.c:197:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/unixodbc-2.3.6/Drivers/nn/connect.c:198:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dsntk[SQL_MAX_DSN_LENGTH + 3] = { '[', '\0' };
data/unixodbc-2.3.6/Drivers/nn/connect.c:199:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[1024]; /* large enough */
data/unixodbc-2.3.6/Drivers/nn/connect.c:201:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathbuf[1024];
data/unixodbc-2.3.6/Drivers/nn/connect.c:246:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = (FILE*)fopen(path, "r");
data/unixodbc-2.3.6/Drivers/nn/connect.c:340:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[1024] = { '\0' };
data/unixodbc-2.3.6/Drivers/nn/convert.c:64:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[16];
data/unixodbc-2.3.6/Drivers/nn/convert.c:76:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (char*)atol(tbuf);
data/unixodbc-2.3.6/Drivers/nn/convert.c:81:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[16];
data/unixodbc-2.3.6/Drivers/nn/convert.c:109:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptr, "%04d-%02d-%02d", dt->year, dt->month, dt->day);
data/unixodbc-2.3.6/Drivers/nn/convert.c:155:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptr, "%d", c);
data/unixodbc-2.3.6/Drivers/nn/convert.c:168:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptr, "%d", c);
data/unixodbc-2.3.6/Drivers/nn/convert.c:181:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptr, "%ld", l);
data/unixodbc-2.3.6/Drivers/nn/convert.c:288:21: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a = (unsigned long)atol(ptr);
data/unixodbc-2.3.6/Drivers/nn/convert.c:305:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a = atoi(ptr);
data/unixodbc-2.3.6/Drivers/nn/convert.c:320:9: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *buf = atol(ptr);
data/unixodbc-2.3.6/Drivers/nn/convert.c:340:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[48];
data/unixodbc-2.3.6/Drivers/nn/convert.c:342:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tbuf, "%ld", x);
data/unixodbc-2.3.6/Drivers/nn/convert.c:398:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%04d-%02d-%02d", dt->year, dt->month, dt->day);
data/unixodbc-2.3.6/Drivers/nn/nndate.c:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];
data/unixodbc-2.3.6/Drivers/nn/nndate.c:41:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(i = atoi(buf))
data/unixodbc-2.3.6/Drivers/nn/nndate.c:82:5: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(atoi(str))
data/unixodbc-2.3.6/Drivers/nn/nndate.c:134:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dt.year = atoi(str); str += 5;
data/unixodbc-2.3.6/Drivers/nn/nndate.c:136:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dt.month = atoi(str);
data/unixodbc-2.3.6/Drivers/nn/nndate.c:175:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dt.day = atoi(str);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:72:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:88:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if( atoi(server) > 0 )
data/unixodbc-2.3.6/Drivers/nn/nntp.c:103:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( (char*)&srvaddr.sin_addr,
data/unixodbc-2.3.6/Drivers/nn/nntp.c:167:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch( atoi( msgbuf ) )
data/unixodbc-2.3.6/Drivers/nn/nntp.c:198:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:258:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response[64];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:270:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  code = atoi(response);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:291:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmsgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:313:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  code = atoi(tmsgbuf);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:362:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmsgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:375:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pcndes->code = atoi(tmsgbuf);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:396:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmsgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:411:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pcndes->code = atoi(tmsgbuf);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:431:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:449:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pcndes->code = atoi(tbuf);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:542:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[20];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:708:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:726:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pcndes->code = atoi(msgbuf);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:796:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/nntp.c:808:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pcndes->code = atoi(msgbuf);
data/unixodbc-2.3.6/Drivers/nn/nntp.c:823:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[128];
data/unixodbc-2.3.6/Drivers/nn/yylex.c:100:6: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a = atol((penv->pstmt->sqlexpr) + (penv->scanpos));
data/unixodbc-2.3.6/Drivers/nn/yylex.c:201:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char opname[3];
data/unixodbc-2.3.6/Drivers/nn/yyparse.c:1706:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg, "parse error");
data/unixodbc-2.3.6/Drivers/nn/yystmt.h:136:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[64]; /* buf to hold message string passed to
data/unixodbc-2.3.6/Drivers/template/SQLAllocConnect.c:30:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hEnv->szSqlMsg, "hEnv = $%08lX phDbc = $%08lX", (long)hEnv, (long)phDbc );
data/unixodbc-2.3.6/Drivers/template/SQLAllocStmt.c:29:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLAllocStmt.c:49:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "*phstmt = $%08lX", (long)*phStmt );
data/unixodbc-2.3.6/Drivers/template/SQLAllocStmt.c:59:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*)(*phStmt)->szCursorName, "CUR_%08lX", *phStmt );
data/unixodbc-2.3.6/Drivers/template/SQLBindCol.c:30:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt=$%08lX nCol=%5d", (long) hStmt, nCol );
data/unixodbc-2.3.6/Drivers/template/SQLBindCol.c:41:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Column %d is out of range. Range is 1 - %d", nCol, hStmt->hStmtExtras->nCols );
data/unixodbc-2.3.6/Drivers/template/SQLBindParameter.c:34:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt=$%08lX nParameterNumber=%d nIOType=%d nBufferType=%d nParamType=%d nParamLength=%ld nScale=%d pData=$%08lX nBufferLength=%ld *pnLengthOrIndicator=$%08lX",(long) hStmt,nParameterNumber,nIOType,nBufferType,nParamType,(long) nParamLength,nScale,(long) pData,(long) nBufferLength, *pnLengthOrIndicator );
data/unixodbc-2.3.6/Drivers/template/SQLBrowseConnect.c:30:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLBulkOperations.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLBulkOperations.c:40:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Unknown nOperation=%d", nOperation );
data/unixodbc-2.3.6/Drivers/template/SQLCancel.c:24:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLCloseCursor.c:24:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:157:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "Invalid nFieldIdentifier value of %d", nFieldIdentifier );
data/unixodbc-2.3.6/Drivers/template/SQLColAttributes.c:31:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLColAttributes.c:70:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR nDescType=%d", nDescType );
data/unixodbc-2.3.6/Drivers/template/SQLColumnPrivileges.c:32:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLColumns.c:73:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szBuffer[101];
data/unixodbc-2.3.6/Drivers/template/SQLColumns.c:80:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDATABASE[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szHOST[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPORT[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFLAG[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/Drivers/template/SQLDescribeCol.c:42:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Column %d is out of range. Range is 1 - %d", nCol, hStmt->hStmtExtras->nCols );
data/unixodbc-2.3.6/Drivers/template/SQLDescribeParam.c:29:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLDisconnect.c:24:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:27:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDSN[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDRIVER[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szUID[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPWD[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:31:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDATABASE[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:32:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szHOST[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:33:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPORT[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szSOCKET[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFLAG[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:36:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szNameValue[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:37:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szName[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:38:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[INI_MAX_PROPERTY_VALUE+1] = "";
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:45:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLDriverConnect.c:68:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "Invalid nDriverCompletion=%d", nDriverCompletion );
data/unixodbc-2.3.6/Drivers/template/SQLExecDirect.c:27:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLExecute.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLExtendedFetch.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLFetch.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLFetch.c:61:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Failed to get data for column %d", nColumn );
data/unixodbc-2.3.6/Drivers/template/SQLFetchScroll.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLForeignKeys.c:36:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLFreeConnect.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLFreeEnv.c:27:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hEnv->szSqlMsg, "hEnv = $%08lX", (long)hEnv );
data/unixodbc-2.3.6/Drivers/template/SQLFreeStmt.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLFreeStmt.c:46:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Invalid nOption=%d", nOption );
data/unixodbc-2.3.6/Drivers/template/SQLGetConnectAttr.c:30:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLGetConnectOption.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLGetCursorName.c:29:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLGetDiagRec.c:35:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy((char*) pszState, "-----" );
data/unixodbc-2.3.6/Drivers/template/SQLGetStmtAttr.c:29:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLGetStmtOption.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLGetTypeInfo.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLMoreResults.c:24:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLNativeSql.c:29:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLNumParams.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLNumResultCols.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLParamData.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLParamOptions.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLPrepare.c:33:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLPrimaryKeys.c:30:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLProcedureColumns.c:33:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLProcedures.c:31:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLPutData.c:29:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLRowCount.c:25:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSetCursorName.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSetParam.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSetPos.c:27:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSetPos.c:43:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Invalid nOperation=%d", nOperation );
data/unixodbc-2.3.6/Drivers/template/SQLSetPos.c:57:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Invalid nLockType=%d", nLockType );
data/unixodbc-2.3.6/Drivers/template/SQLSetScrollOptions.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long) hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSetStmtAttr.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSetStmtOption.c:26:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLSpecialColumns.c:45:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLStatistics.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szSQL[200];
data/unixodbc-2.3.6/Drivers/template/SQLStatistics.c:66:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long) hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLTablePrivileges.c:30:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLTables.c:61:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "hStmt = $%08lX", (long)hStmt );
data/unixodbc-2.3.6/Drivers/template/SQLTransact.c:27:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "hDbc = $%08lX", (long)hDbc );
data/unixodbc-2.3.6/Drivers/template/SQLTransact.c:38:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hDbc->szSqlMsg, "SQL_ERROR Invalid nType=%d", nType );
data/unixodbc-2.3.6/Drivers/template/_GetData.c:75:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Unknown target type %d", nTargetType );
data/unixodbc-2.3.6/Drivers/template/_GetData.c:87:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *((int *)pTarget) = atoi(pSourceData);
data/unixodbc-2.3.6/Drivers/template/_GetData.c:105:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char*) hStmt->szSqlMsg, "SQL_ERROR Unknown target type %d", nTargetType );
data/unixodbc-2.3.6/cur/SQLExecDirect.c:176:35: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  cl_statement -> rowset_file = tmpfile();
data/unixodbc-2.3.6/cur/SQLExecDirect.c:193:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cname[ 256 ];
data/unixodbc-2.3.6/cur/SQLExecDirect.c:284:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> sql_text, statement_text, text_length );
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:157:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &ret, cl_statement -> rowset_buffer,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:175:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cbuf -> local_buffer,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:180:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &cbuf -> len_ind,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:227:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( buffer,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:235:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( ind_ptr,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:275:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> rowset_buffer,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:293:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> rowset_buffer +
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:298:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> rowset_buffer +
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:351:29: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( buffer,
data/unixodbc-2.3.6/cur/SQLExtendedFetch.c:359:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( ind_ptr,
data/unixodbc-2.3.6/cur/SQLGetCursorName.c:74:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cursor_name, cl_statement -> cursor_name,
data/unixodbc-2.3.6/cur/SQLGetData.c:391:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) sql, " AND" );
data/unixodbc-2.3.6/cur/SQLGetData.c:395:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) sql, " WHERE" );
data/unixodbc-2.3.6/cur/SQLGetData.c:409:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addon[ 256 ];
data/unixodbc-2.3.6/cur/SQLGetData.c:428:15: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) sql, " AND" );
data/unixodbc-2.3.6/cur/SQLGetData.c:440:15: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) sql, " AND" );
data/unixodbc-2.3.6/cur/SQLPrepare.c:79:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> sql_text, statement_text, text_length );
data/unixodbc-2.3.6/cur/SQLSetCursorName.c:73:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> cursor_name, cursor_name,
data/unixodbc-2.3.6/cur/SQLSetCursorName.c:87:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> cursor_name, cursor_name,
data/unixodbc-2.3.6/cur/SQLSetCursorName.c:94:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( cl_statement -> cursor_name, cursor_name,
data/unixodbc-2.3.6/exe/isql.c:76:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[24];
data/unixodbc-2.3.6/exe/isql.c:82:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat(rlhistory, "/.isql_history");
data/unixodbc-2.3.6/exe/isql.c:117:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nUserWidth = atoi( &(argv[nArg][2]) );
data/unixodbc-2.3.6/exe/isql.c:120:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  buffer_size = atoi( &(argv[nArg][2]) );
data/unixodbc-2.3.6/exe/isql.c:151:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_col_size = atoi( &(argv[nArg][2]) );
data/unixodbc-2.3.6/exe/isql.c:242:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( prompt, "*%d SQL> ", ++linen );
data/unixodbc-2.3.6/exe/isql.c:246:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( prompt, "%d SQL> ", ++linen );
data/unixodbc-2.3.6/exe/isql.c:251:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf( prompt, "SQL> " );
data/unixodbc-2.3.6/exe/isql.c:458:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( szSQL + bufpos, line, len );
data/unixodbc-2.3.6/exe/isql.c:777:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[10];
data/unixodbc-2.3.6/exe/isql.c:1151:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[10];
data/unixodbc-2.3.6/exe/isql.c:1587:16: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sret = sprintf( (char*)szColumn, "| %-*.*s",
data/unixodbc-2.3.6/exe/isql.c:1590:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf((char *)szColumn, "| %-*.*s",
data/unixodbc-2.3.6/exe/isql.c:1594:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) *szSepLine, "+\n" );
data/unixodbc-2.3.6/exe/isql.c:1595:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) szHdrLine, "|\n" );
data/unixodbc-2.3.6/exe/isql.c:1647:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sret = sprintf( (char*)szColumn, "| %-*.*s",
data/unixodbc-2.3.6/exe/isql.c:1649:31: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  if (sret < 0) sprintf( (char*)szColumn, "| %-*.*s",
data/unixodbc-2.3.6/exe/isql.c:1654:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sret = sprintf( (char*)szColumn, "| %-*.*s...",
data/unixodbc-2.3.6/exe/isql.c:1656:31: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  if (sret < 0) sprintf( (char*)szColumn, "| %-*.*s",
data/unixodbc-2.3.6/exe/iusql.c:128:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  buffer_size = atoi( &(argv[nArg][2]) );
data/unixodbc-2.3.6/exe/iusql.c:280:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zcstr[ 1024 ], tmp[ 1024 ];
data/unixodbc-2.3.6/exe/iusql.c:509:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTable[250] = "";
data/unixodbc-2.3.6/exe/iusql.c:796:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) szSepLine, "+\n" );
data/unixodbc-2.3.6/exe/iusql.c:797:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat((char*) szHdrLine, "|\n" );
data/unixodbc-2.3.6/exe/iusql.c:846:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy((char*) szColumn, "| " );
data/unixodbc-2.3.6/exe/iusql.c:856:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy((char*) szColumn, "| " );
data/unixodbc-2.3.6/exe/odbcinst.c:72:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szError[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/exe/odbcinst.c:102:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy( odbcinstwnd.szUI, "odbcinstQ4" );
data/unixodbc-2.3.6/exe/odbcinst.c:133:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy( odbcinstwnd.szUI, "odbcinstQ4" );
data/unixodbc-2.3.6/exe/odbcinst.c:144:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szObject[INI_MAX_OBJECT_NAME+1];
data/unixodbc-2.3.6/exe/odbcinst.c:145:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szProperty[INI_MAX_PROPERTY_NAME+1];
data/unixodbc-2.3.6/exe/odbcinst.c:146:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/exe/odbcinst.c:147:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szDriver[10000];
data/unixodbc-2.3.6/exe/odbcinst.c:148:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPathOut[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/exe/odbcinst.c:223:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szResults[4048];
data/unixodbc-2.3.6/exe/odbcinst.c:224:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[501];
data/unixodbc-2.3.6/exe/odbcinst.c:272:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFileName[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/exe/odbcinst.c:273:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szObject[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/exe/odbcinst.c:274:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szProperty[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/exe/odbcinst.c:275:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/exe/odbcinst.c:296:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( szFileName, "ODBC.INI" ); data/unixodbc-2.3.6/exe/odbcinst.c:397:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szResults[9601]; data/unixodbc-2.3.6/exe/odbcinst.c:398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[501]; data/unixodbc-2.3.6/exe/odbcinst.c:464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[ODBC_FILENAME_MAX+1]; data/unixodbc-2.3.6/exe/odbcinst.c:465:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[ 256 ], b2[ 256 ]; data/unixodbc-2.3.6/exe/odbcinst.c:495:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTemplateINI[ODBC_FILENAME_MAX+1]; data/unixodbc-2.3.6/exe/odbcinst.c:496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/exe/slencheck.c:45:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mem[ 8 ]; data/unixodbc-2.3.6/extras/snprintf.c:452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char convert[20]; data/unixodbc-2.3.6/extras/snprintf.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconvert[20]; data/unixodbc-2.3.6/extras/snprintf.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fconvert[20]; data/unixodbc-2.3.6/extras/vms.c:20:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char error_buffer[256]; data/unixodbc-2.3.6/extras/vms.c:21:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char getenv_buffer[256]; data/unixodbc-2.3.6/extras/vms.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[NAM$C_MAXRSS]; data/unixodbc-2.3.6/extras/vms.c:41:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char translate_buffer[NAM$C_MAXRSS+1]; data/unixodbc-2.3.6/extras/vms.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defimg[NAM$C_MAXRSS+1]; data/unixodbc-2.3.6/extras/vms.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_fspec[NAM$C_MAXRSS+1]; data/unixodbc-2.3.6/extras/vms.c:110:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( defimg, ".EXE" ); data/unixodbc-2.3.6/extras/vms.c:114:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( defimg, "LTDL_LIBRARY_PATH:.EXE" ); data/unixodbc-2.3.6/extras/vms.c:128:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy( defimg, "SYS$SHARE:.EXE" ); data/unixodbc-2.3.6/extras/vms.c:230:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
else sprintf (error_buffer, "OpenVMS exit status %8X", error_status); data/unixodbc-2.3.6/extras/vms.c:263:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eqvname[256]; data/unixodbc-2.3.6/include/ini.h:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szName[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/include/ini.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/include/ini.h:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/include/ini.h:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[ODBC_FILENAME_MAX+1]; /* FULL INI FILE NAME */ data/unixodbc-2.3.6/include/ini.h:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cComment[ 5 ]; /* COMMENT CHAR MUST BE IN FIRST COLUMN */ data/unixodbc-2.3.6/include/ini.h:465:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define uo_fopen fopen data/unixodbc-2.3.6/include/odbcinst.h:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szUI[FILENAME_MAX]; /*!< Plugin file name (no path and no extension) ie "odbcinstQ4". */ data/unixodbc-2.3.6/include/odbcinstext.h:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szName[INI_MAX_PROPERTY_NAME+1]; /* property name */ data/unixodbc-2.3.6/include/odbcinstext.h:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[INI_MAX_PROPERTY_VALUE+1]; /* property value */ data/unixodbc-2.3.6/include/odbctrace.h:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szFileName[FILENAME_MAX]; /*!< file name of trace plugin */ data/unixodbc-2.3.6/include/odbctrace.h:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTraceFile[FILENAME_MAX]; /*!< SQL_ATTR_TRACEFILE */ data/unixodbc-2.3.6/include/sqp.h:170:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char g_szError[1024]; data/unixodbc-2.3.6/include/uodbc_stats.h:60:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_value[256]; /* string type */ data/unixodbc-2.3.6/include/uodbc_stats.h:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; /* name of statistic */ data/unixodbc-2.3.6/ini/iniAppend.c:23:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szLine[INI_MAX_LINE+1]; data/unixodbc-2.3.6/ini/iniAppend.c:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/ini/iniAppend.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyName[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/ini/iniAppend.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyValue[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/ini/iniCursor.c:25:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( hIniCursor, hIni, sizeof(INI) ); data/unixodbc-2.3.6/ini/iniObjectInsert.c:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/ini/iniOpen.c:72:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = open(filename, oMode, pMode ); data/unixodbc-2.3.6/ini/iniOpen.c:163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szLine[INI_MAX_LINE+1]; data/unixodbc-2.3.6/ini/iniOpen.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/ini/iniOpen.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyName[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/ini/iniOpen.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyValue[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/ini/iniOpen.c:358:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szLine[INI_MAX_LINE+1]; data/unixodbc-2.3.6/ini/iniOpen.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/ini/iniOpen.c:360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyName[INI_MAX_PROPERTY_NAME+1]; data/unixodbc-2.3.6/ini/iniOpen.c:361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertyValue[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/ini/iniPropertyValue.c:13:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer[INI_MAX_LINE+1]; data/unixodbc-2.3.6/ini/iniPropertyValue.c:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szEqual[2]; data/unixodbc-2.3.6/ini/iniPropertyValue.c:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPropertySep[2]; data/unixodbc-2.3.6/ini/iniPropertyValue.c:43:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pValueLastChar = (char *)strchr( pValue, szPropertySep[ 0 ] ); data/unixodbc-2.3.6/libltdl/libltdl/lt__dirent.h:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[LT_FILENAME_MAX]; data/unixodbc-2.3.6/libltdl/loaders/dyld.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saveError[256] = "Symbol not found"; data/unixodbc-2.3.6/libltdl/loaders/loadlibrary.c:139:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wpath[MAX_PATH]; data/unixodbc-2.3.6/libltdl/lt__alloc.c:87:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy (newmem, mem, n); data/unixodbc-2.3.6/libltdl/lt__argz.c:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argz + *pargz_len, buf, buf_len); data/unixodbc-2.3.6/libltdl/lt__argz.c:166:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (before, entry, entry_len); data/unixodbc-2.3.6/libltdl/lt__dirent.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_spec[LT_FILENAME_MAX]; data/unixodbc-2.3.6/libltdl/lt_error.c:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char error_strings[LT_ERROR_MAX][LT_ERROR_LEN_MAX + 1] = data/unixodbc-2.3.6/libltdl/ltdl.c:756:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*pfile = fopen (filename, LT_READTEXT_MODE))) data/unixodbc-2.3.6/libltdl/ltdl.c:1023:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &str[1], (end - str) - 1); data/unixodbc-2.3.6/libltdl/ltdl.c:1383:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen (attempt, LT_READTEXT_MODE); data/unixodbc-2.3.6/libltdl/ltdl.c:2016:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lsym[LT_SYMBOL_LENGTH]; data/unixodbc-2.3.6/libltdl/ltdl.c:2071:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(sym, "_LTX_"); data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szError[LOG_MSG_MAX+1]; data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDriverSetup[ODBC_FILENAME_MAX+1]; data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szSectionName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szIniName[ ODBC_FILENAME_MAX * 2 + 1 ]; data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ]; data/unixodbc-2.3.6/odbcinst/ODBCINSTSetProperty.c:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szError[LOG_MSG_MAX+1]; data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDriverSetup[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szIniName[ ODBC_FILENAME_MAX * 2 + 3 ]; data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ]; data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:98:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szError[ 512 ]; data/unixodbc-2.3.6/odbcinst/SQLConfigDataSource.c:99:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf( szError, "Could not find Setup property for (%.400s) in system information", pszDriver ); data/unixodbc-2.3.6/odbcinst/SQLConfigDriver.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDriverSetup[ODBC_FILENAME_MAX+1]; data/unixodbc-2.3.6/odbcinst/SQLConfigDriver.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szIniName[ ODBC_FILENAME_MAX * 2 + 1 ]; data/unixodbc-2.3.6/odbcinst/SQLConfigDriver.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ]; data/unixodbc-2.3.6/odbcinst/SQLCreateDataSource.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szName[FILENAME_MAX]; data/unixodbc-2.3.6/odbcinst/SQLCreateDataSource.c:199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szNameAndExtension[FILENAME_MAX]; data/unixodbc-2.3.6/odbcinst/SQLCreateDataSource.c:200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPathAndName[FILENAME_MAX]; data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szIniName[ ODBC_FILENAME_MAX * 2 + 1 ]; data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ]; data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szValue[INI_MAX_PROPERTY_VALUE+1]; data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[ODBC_FILENAME_MAX+1]; data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szObjectName[INI_MAX_OBJECT_NAME+1]; data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char szNameValue[INI_MAX_PROPERTY_NAME+INI_MAX_PROPERTY_VALUE+3];
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPropertyName[INI_MAX_PROPERTY_NAME+1];
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szIniName[ ODBC_FILENAME_MAX * 2 + 1 ];
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:103:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nUsageCount = atoi( szValue );
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:136:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( szValue, "%d", nUsageCount );
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:151:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( szValue, "%d", nUsageCount );
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverManager.c:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szIniName[ INI_MAX_OBJECT_NAME + 1 ];
data/unixodbc-2.3.6/odbcinst/SQLInstallDriverManager.c:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:50:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sz[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:61:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( pszName, "libodbcinstQ4" );
data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szName[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szNameAndExtension[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPathAndName[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPropertyName[INI_MAX_PROPERTY_NAME+1];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValueName[INI_MAX_PROPERTY_NAME+1];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szObjectName[INI_MAX_OBJECT_NAME+1];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFileName[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:127:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( szFileName, ".dsn" );
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:147:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPath[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:154:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( szFileName, ".dsn" );
data/unixodbc-2.3.6/odbcinst/SQLRemoveDSNFromIni.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szINIFileName[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szIniName[ ODBC_FILENAME_MAX * 2 + 1 ];
data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:65:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (*pnUsageCount) = atoi( szValue );
data/unixodbc-2.3.6/odbcinst/SQLRemoveDriver.c:89:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( szValue, "%ld", (long int)(*pnUsageCount) );
data/unixodbc-2.3.6/odbcinst/SQLWriteDSNToIni.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFileName[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/SQLWriteFileDSN.c:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFileName[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/SQLWriteFileDSN.c:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPath[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/SQLWriteFileDSN.c:36:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat( szFileName, ".dsn" );
data/unixodbc-2.3.6/odbcinst/SQLWritePrivateProfileString.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szFileName[ODBC_FILENAME_MAX+1];
data/unixodbc-2.3.6/odbcinst/_SQLDriverConnectPrompt.c:10:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szName[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/_SQLDriverConnectPrompt.c:11:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szNameAndExtension[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/_SQLDriverConnectPrompt.c:12:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPathAndName[FILENAME_MAX];
data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szObjectName[INI_MAX_OBJECT_NAME+1];
data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPropertyName[INI_MAX_PROPERTY_NAME+1];
data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:34:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szValue[INI_MAX_PROPERTY_VALUE+1];
data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szIniName[ ODBC_FILENAME_MAX * 2 + 3 ];
data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_SQLWriteInstalledDrivers.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szIniName[ ODBC_FILENAME_MAX * 2 + 1 ];
data/unixodbc-2.3.6/odbcinst/_SQLWriteInstalledDrivers.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ], b2[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_odbcinst_GetEntries.c:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPropertyName[INI_MAX_PROPERTY_NAME+1];
data/unixodbc-2.3.6/odbcinst/_odbcinst_GetSections.c:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szObjectName[INI_MAX_OBJECT_NAME+1];
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:86:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char save_path[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:100:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( save_path, "odbcinst.ini" );
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:109:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char save_path[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:130:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy( save_path, "/etc" );
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:145:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char save_path[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:35:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( pszFileName, "SYS$LOGIN:ODBC.INI" );
data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b1[ ODBC_FILENAME_MAX + 1 ];
data/unixodbc-2.3.6/samples/cursor.c:141:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sql[ 256 ];
data/unixodbc-2.3.6/samples/cursor.c:142:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( sql, "insert into ctest values( %d, '%10d', '%05d', 'other line %d' )", i, i, i, i );
data/unixodbc-2.3.6/samples/cursor.c:202:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cname[ 30 ];
data/unixodbc-2.3.6/samples/cursor.c:236:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char txt[ 50 ];
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:55:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:56:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:67:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "Host", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:68:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:79:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "Port", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:80:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:91:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "User", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:92:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:101:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "Password", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:102:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:113:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "Trace", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:123:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(hLastProperty->szName, "TraceFile", INI_MAX_PROPERTY_NAME);
data/unixodbc-2.3.6/DRVConfig/Mimer/mimerS.c:124:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE);
data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:40:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Host", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:41:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:47:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:48:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:54:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "ConfigFile", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MiniSQL/odbcminiS.c:55:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:43:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Server", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:44:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:53:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:54:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "test", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:61:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Port", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:62:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:69:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Socket", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:70:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:77:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Option", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:78:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:104:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Stmt", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/MySQL/odbcmyS.c:105:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:57:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "DB", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:58:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:59:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hLastProperty->pszHelp = malloc(strlen(help_strings[0]) + 1);
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:67:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "USER", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:68:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:69:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hLastProperty->pszHelp = malloc(strlen(help_strings[1]) + 1);
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:77:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "PASSWORD", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:78:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:79:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hLastProperty->pszHelp = malloc(strlen(help_strings[2]) + 1);
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:87:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "ORACLE_HOME", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:88:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:89:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hLastProperty->pszHelp = malloc(strlen(help_strings[3]) + 1);
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:104:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "TNS_ADMIN", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:105:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/Oracle/oraodbcS.c:106:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[4]) + 1);
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:66:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Trace", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:73:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "TraceFile", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:74:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:80:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:81:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:89:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Servername", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:90:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "localhost", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:96:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Username", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:97:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:104:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Password", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:105:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:113:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Port", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:114:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "5432", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:122:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Protocol", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:123:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "6.4", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:131:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ReadOnly", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:132:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:140:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "RowVersioning", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:141:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:149:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ShowSystemTables", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:150:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:158:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ShowOidColumn", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:159:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:167:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "FakeOidIndex", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:168:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:174:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ConnSettings", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/PostgreSQL/odbcpsqlS.c:175:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:30:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Host", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:31:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:37:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:38:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:44:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Port", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/drvcfg1/drvcfg1.c:45:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/drvcfg2/drvcfg2.c:30:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/drvcfg2/drvcfg2.c:31:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:76:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Server", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:77:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:78:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[0]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:86:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Transport", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:87:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "TCP/IP", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:88:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[1]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:95:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Port", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:96:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "8888", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:97:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[2]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:104:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "TargetDSN", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:105:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:106:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[3]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:113:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "LogonUser", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:114:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:115:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[4]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:122:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "LogonAuth", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:123:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:124:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[5]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:131:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "TargetUser", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:132:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:133:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[6]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:141:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "TargetAuth", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:142:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:143:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[7]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:151:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "BlockFetchSize", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:152:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "0", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:153:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[8]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:161:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Unquote_Catalog_Fns", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:162:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "0", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:163:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[9]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:171:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "MetaData_ID_Identifiers", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:172:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "0", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:173:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[10]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:181:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "MetaDataBlockFetch", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:182:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "1", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:183:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[11]) + 1);
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:191:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "DisguiseWide", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:192:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "0", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/esoob/esoobS.c:193:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc(strlen(help_strings[12]) + 1);
data/unixodbc-2.3.6/DRVConfig/nn/drvcfg.c:30:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Server", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/nn/drvcfg.c:31:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:96:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ServerOptions", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:97:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:103:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Options", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:104:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:110:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc( strlen(szHelpDatabase)+1 );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:112:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:113:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:121:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Host", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:122:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:128:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "UserName", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:129:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:135:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hLastProperty->pszHelp = malloc( strlen(szHelpPassword)+1 );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:137:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Password", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:138:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:146:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ServerType", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:147:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:155:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "Protocol", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:156:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:162:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "LastUser", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:163:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:171:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ReadOnly", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:172:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:180:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "NoLoginBox", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:181:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:187:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "FetchBufferSize", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/oplodbc/oplodbc.c:188:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:42:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ServerNode", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:43:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szValue, "localhost", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:49:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy( hLastProperty->szName, "ServerDB", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:50:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:58:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "SQLMode", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:59:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "INTERNAL", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:67:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "IsolationLevel", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:68:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "Committed", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:74:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "TraceFileName", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/sapdb/sapdb.c:75:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:51:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Servername", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:52:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:59:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Database", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:60:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:67:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "UID", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:68:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:75:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "PWD", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:76:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:84:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Port", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/tds/tdsS.c:85:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "4100", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:42:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Directory", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:43:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:51:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "ReadOnly", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:52:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:60:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "CaseSensitive", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:61:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "Yes", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:69:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Catalog", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:70:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szValue, "No", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:78:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "ColumnSeparator", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/DRVConfig/txt/drvcfg.c:79:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy( hLastProperty->szValue, "|", INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:337:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> dsn, "" );
data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:348:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( dsn ) > SQL_MAX_DSN_LENGTH )
data/unixodbc-2.3.6/DriverManager/SQLBrowseConnect.c:442:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen( in_str ),
data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:282:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> dsn, "" );
data/unixodbc-2.3.6/DriverManager/SQLBrowseConnectW.c:293:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( dsn ) > SQL_MAX_DSN_LENGTH )
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2316:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( SHLIBEXT ) == 0 )
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:2322:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( SHLIBEXT ) + 1 > sizeof( ext )) {
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3243:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( connection -> probe_sql ) > 0 )
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3643:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( dsn && strlen( dsn ))
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3649:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( txt ))
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3652:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt, strlen( txt ));
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3659:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( txt ))
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3662:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt, strlen( txt ));
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3669:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( txt ))
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3672:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt, strlen( txt ));
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3676:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( driver_name && strlen( driver_name ))
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3682:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( txt ))
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3685:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txt, strlen( txt ));
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3800:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen((char*) server_name );
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3912:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> server, "" );
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3929:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> user, "" );
data/unixodbc-2.3.6/DriverManager/SQLConnect.c:3946:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> password, "" );
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:307:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( driver ) > 0 )
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:336:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (( server_name && buffer_length1 <= strlen( object )) ||
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:337:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ( description && buffer_length2 <= strlen( property )))
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:351:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( buffer_length1 <= strlen( object ))
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:364:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( buffer_length2 <= strlen( property ))
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:377:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *name_length1 = strlen( object );
data/unixodbc-2.3.6/DriverManager/SQLDataSources.c:381:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *name_length2 = strlen( property );
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:231:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( driver ) > 0 )
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:241:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( property, "" );
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:246:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (( server_name && buffer_length1 <= strlen( object )) ||
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:247:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ( description && buffer_length2 <= strlen( property )))
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:267:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( buffer_length1 <= strlen( object ))
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:289:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( buffer_length2 <= strlen( property ))
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:305:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *name_length1 = strlen( object );
data/unixodbc-2.3.6/DriverManager/SQLDataSourcesW.c:309:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *name_length2 = strlen( property );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:336:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t attrlen = strlen( cp -> attribute );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:343:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = malloc( strlen( cp -> keyword ) + attrlen + 10 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:364:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( str ) + strlen( tmp ) > str_len )
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:364:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( str ) + strlen( tmp ) > str_len )
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:491:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr -> attribute = malloc( strlen( value ) + 1 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:502:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr -> keyword = malloc( strlen( kword ) + 1 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:505:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr -> attribute = malloc( strlen( value ) + 1 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:546:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !local_str || strlen( local_str ) == 0 ||
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:547:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ( strlen( local_str ) == 1 && *local_str == ';' ))
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:703:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( driver_name, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:833:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen((char*) conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:843:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen((char*) conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:885:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen((char*) conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:911:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen((char*) conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:968:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> server, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:970:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> user, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:972:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> password, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:994:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( tsavefile ) > INI_MAX_PROPERTY_VALUE ) {
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1023:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( str ))
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1029:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str, strlen( str ));
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1053:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str1 = malloc( strlen( cp -> keyword ) + strlen( cp -> attribute ) + 10 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1053:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str1 = malloc( strlen( cp -> keyword ) + strlen( cp -> attribute ) + 10 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1073:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen((char*) conn_str_in ) > 0 )
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1082:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( (char*)conn_str_in ) + strlen( str1 ) < conn_str_out_max ) {
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1082:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( (char*)conn_str_in ) + strlen( str1 ) < conn_str_out_max ) {
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1110:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str1 = malloc( strlen( cp -> keyword ) + strlen( cp -> attribute ) + 10 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1110:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str1 = malloc( strlen( cp -> keyword ) + strlen( cp -> attribute ) + 10 );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1129:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen((char*) conn_str_in ) > 0 )
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1137:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( (char*)conn_str_in ) + strlen( str1 ) < conn_str_out_max ) {
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1137:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( (char*)conn_str_in ) + strlen( str1 ) < conn_str_out_max ) {
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1152:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen((char*) conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1188:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( driver ) >= sizeof( driver_name )) {
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1230:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> dsn, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1257:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( dsn ) > SQL_MAX_DSN_LENGTH )
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1708:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( conn_str_out && strlen((char*) conn_str_out ) > 64 )
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1738:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( savefile ))
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1743:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat((char*) conn_str_out, ";" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1749:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *ptr_conn_str_out = strlen((char*) conn_str_out );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1753:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( save_filedsn && strlen( save_filedsn ))
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1758:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat((char*) conn_str_out, ";" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnect.c:1764:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *ptr_conn_str_out = strlen((char*) conn_str_out );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:157:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !local_str || strlen( local_str ) == 0 ||
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ( strlen( local_str ) == 1 && *local_str == ';' ))
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:221:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( driver_name, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:377:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen( ansi_conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:397:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen( ansi_conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:442:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_conn_str_in = strlen((char*) local_conn_str_in );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:487:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( connection -> dsn, "" );
data/unixodbc-2.3.6/DriverManager/SQLDriverConnectW.c:510:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( dsn ) > SQL_MAX_DSN_LENGTH )
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:346:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pcb_driver_desc = strlen( object );
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:350:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( object ) >= cb_driver_desc_max )
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:406:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( total_len + strlen( buffer ) + 1 > cb_drvr_attr_max )
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:413:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz_driver_attributes += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:416:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total_len += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:459:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( total_len + strlen( buffer ) + 1 > cb_drvr_attr_max )
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:466:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz_driver_attributes += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDrivers.c:469:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total_len += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:263:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pcb_driver_desc = strlen( object );
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:267:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen( object ) >= cb_driver_desc_max )
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:330:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( total_len + strlen( buffer ) + 1 > cb_drvr_attr_max )
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:345:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz_driver_attributes += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:349:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total_len += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:391:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( total_len + strlen( buffer ) + 1 > cb_drvr_attr_max )
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:406:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz_driver_attributes += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLDriversW.c:410:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total_len += strlen( buffer ) + 1;
data/unixodbc-2.3.6/DriverManager/SQLError.c:234:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( message_text && buffer_length < strlen( str ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLError.c:258:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *text_length = strlen( str );
data/unixodbc-2.3.6/DriverManager/SQLExecDirect.c:220:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 = malloc( strlen((char*) statement_text ) + LOG_MESSAGE_LEN );
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:223:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( ptr );
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:227:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length > strlen( log_info.log_file_name ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:249:21: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( value, "" );
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:345:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SQLLEN realLen = sa->str_attr ? strlen(sa->str_attr) : 0;
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:348:33: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(value, sa->str_attr, buffer_length - 1);
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:583:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( ptr );
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttr.c:587:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length > strlen( ptr ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:164:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen( ptr ) * sizeof( SQLWCHAR );
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:289:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SQLLEN realLen = sa->str_attr ? strlen(sa->str_attr) : 0;
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:292:33: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(value, sa->str_attr, buffer_length - 1);
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:527:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( ptr );
data/unixodbc-2.3.6/DriverManager/SQLGetConnectAttrW.c:531:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length > strlen( ptr ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetConnectOption.c:196:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( value, "" );
data/unixodbc-2.3.6/DriverManager/SQLGetDescRec.c:364:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen((char*)name);
data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:342:21: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( diag_info_ptr, "" );
data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:414:17: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( diag_info_ptr, "" );
data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:700:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length >= strlen( str ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:713:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length_ptr = strlen( str );
data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:772:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length >= strlen( str ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetDiagField.c:792:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length_ptr = strlen( str );
data/unixodbc-2.3.6/DriverManager/SQLGetDiagFieldW.c:308:17: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( diag_info_ptr, "" );
data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:337:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length < strlen((char*) as1 ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:361:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *text_length = strlen((char*) as1 );
data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:476:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( as1 && buffer_length < strlen((char*) as1 ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetDiagRec.c:500:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *text_length = strlen((char*) as1 );
data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:215:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length >= strlen( VERSION ))
data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:226:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( VERSION );
data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:236:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length >= strlen( odbcinst_system_file_path( b1 )))
data/unixodbc-2.3.6/DriverManager/SQLGetEnvAttr.c:247:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( odbcinst_system_file_path( b1 ));
data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:515:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen(info_value);
data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:555:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( cptr );
data/unixodbc-2.3.6/DriverManager/SQLGetInfo.c:559:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( buffer_length > strlen( cptr ) + 1 )
data/unixodbc-2.3.6/DriverManager/SQLGetInfoW.c:536:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( cptr ) * sizeof( SQLWCHAR );
data/unixodbc-2.3.6/DriverManager/SQLNativeSql.c:193:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 = malloc( strlen((char*) sz_sql_str_in ) + 100 );
data/unixodbc-2.3.6/DriverManager/SQLNativeSql.c:362:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 = malloc( strlen((char*) sz_sql_str ) + 100 );
data/unixodbc-2.3.6/DriverManager/SQLNativeSql.c:370:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 = malloc( strlen((char*) sz_sql_str ) + 100 );
data/unixodbc-2.3.6/DriverManager/SQLPrepare.c:176:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 = malloc( strlen((char*) statement_text ) + 100 );
data/unixodbc-2.3.6/DriverManager/SQLSetDescFieldW.c:377:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_length = strlen((char*) ascii_str );
data/unixodbc-2.3.6/DriverManager/__attribute.c:875:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nap -> keyword = malloc( strlen( ap -> keyword ) + 1 );
data/unixodbc-2.3.6/DriverManager/__attribute.c:878:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nap -> value = malloc( strlen( ap -> value ) + 1 );
data/unixodbc-2.3.6/DriverManager/__attribute.c:1025:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen( as -> value ));
data/unixodbc-2.3.6/DriverManager/__attribute.c:1059:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen( as -> value ));
data/unixodbc-2.3.6/DriverManager/__attribute.c:1131:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen( as -> value ));
data/unixodbc-2.3.6/DriverManager/__attribute.c:1194:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen( as -> value ));
data/unixodbc-2.3.6/DriverManager/__attribute.c:1315:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( as -> value );
data/unixodbc-2.3.6/DriverManager/__attribute.c:1381:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *string_length = strlen( as -> value ) * sizeof( SQLWCHAR );
data/unixodbc-2.3.6/DriverManager/__connection.c:147:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy( driver_name, "" );
data/unixodbc-2.3.6/DriverManager/__info.c:662:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen((char*) str );
data/unixodbc-2.3.6/DriverManager/__info.c:796:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_len = strlen( src );
data/unixodbc-2.3.6/DriverManager/__info.c:1088:17: [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
    sprintf((char*) s, "[" );
data/unixodbc-2.3.6/DriverManager/__info.c:3147:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen((char*) instr ) > LOG_MESSAGE_LEN )
data/unixodbc-2.3.6/DriverManager/__info.c:3150:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    LOG_MESSAGE_LEN, instr, (long int)strlen((char*) instr ));
data/unixodbc-2.3.6/DriverManager/__info.c:3155:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    instr, (long int)strlen((char*) instr ));
data/unixodbc-2.3.6/DriverManager/__info.c:3183:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy((char*) ostr, "[" );
data/unixodbc-2.3.6/DriverManager/__info.c:3185:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat((char*) ostr, "]" );
data/unixodbc-2.3.6/DriverManager/__info.c:3189:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy((char*) ostr, "[" );
data/unixodbc-2.3.6/DriverManager/__info.c:3200:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy((char*) ostr, "[" );
data/unixodbc-2.3.6/DriverManager/__info.c:3202:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat((char*) ostr, "]" );
data/unixodbc-2.3.6/DriverManager/__info.c:3206:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy((char*) ostr, "[" );
data/unixodbc-2.3.6/DriverManager/__info.c:5786:5: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat((char*) msg, message, sizeof(msg) - sizeof(DM_ERROR_PREFIX) );
data/unixodbc-2.3.6/DriverManager/__stats.c:464:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(errmsg) > buflen)
data/unixodbc-2.3.6/DriverManager/__stats.c:706:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(notbuilt) > buflen)
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:54:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_BASE_COLUMN_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:56:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:59:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_BASE_TABLE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:61:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:67:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_CATALOG_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:69:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:84:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_LABEL, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:86:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:92:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_LITERAL_PREFIX, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:94:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:97:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_LITERAL_SUFFIX, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:99:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:102:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_LOCAL_TYPE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:104:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:107:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:109:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:127:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_SCHEMA_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:129:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:135:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_TABLE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:137:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:143:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pszValue, pColumnHeader->pszSQL_DESC_TYPE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLColAttribute.c:145:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLConnect.c:43:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen( szDataSource ) > ODBC_FILENAME_MAX+INI_MAX_OBJECT_NAME )
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDescribeCol.c:53:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( szColName, pColumnHeader->pszSQL_DESC_NAME, nColNameMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLDescribeCol.c:55:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnColNameLength = strlen( szColName );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:48:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( szErrorMsg, hStmt->szSqlMsg, nErrorMsgMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:49:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pcbErrorMsg = strlen( szErrorMsg );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:58:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( szErrorMsg, hDbc->szSqlMsg, nErrorMsgMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:59:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pcbErrorMsg = strlen( szErrorMsg );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:68:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( szErrorMsg, hEnv->szSqlMsg, nErrorMsgMax );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLError.c:69:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pcbErrorMsg = strlen( szErrorMsg );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetCursorName.c:41:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( szCursor, hStmt->szCursorName, nCursorMaxLength );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetCursorName.c:46:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ci = strlen( hStmt->szCursorName );
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLGetInfo.c:37:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SQLSMALLINT len=strlen(ver);
data/unixodbc-2.3.6/Drivers/MiniSQL/SQLSetCursorName.c:38:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( hStmt->szCursorName, szCursor, SQL_MAX_CURSOR_NAME );
data/unixodbc-2.3.6/Drivers/MiniSQL/_GetData.c:99:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy( pTarget, pSourceData, nTargetLength );
data/unixodbc-2.3.6/Drivers/MiniSQL/_GetData.c:101:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *pnLengthOrIndicator = strlen(pTarget);
data/unixodbc-2.3.6/Drivers/Postgre7.1/bind.c:349:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t stlen=strlen(stmt->statement);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:490:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!EncryptMD5(ci->password, ci->username, strlen(ci->username), pwd1))
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:500:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!EncryptMD5(pwd1 + strlen("md5"), salt, 4, pwd2))
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:507:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SOCK_put_int(sock, 4 + strlen(pwd2) + 1, 4);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:508:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SOCK_put_n_char(sock, pwd2, strlen(pwd2) + 1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:600:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sp62.database, ci->database, PATH_SIZE);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:601:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sp62.user, ci->username, NAMEDATALEN);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:618:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sp.database, ci->database, SM_DATABASE);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:619:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sp.user, ci->username, SM_USER);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:723:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SOCK_put_int(sock, 4 + strlen(ci->password) + 1, 4);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:724:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SOCK_put_n_char(sock, ci->password, strlen(ci->password) + 1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:746:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SOCK_put_int(sock, 4+strlen(password)+1, 4);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:747:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SOCK_put_n_char(sock, password, strlen(password) + 1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:915:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, CC_get_errormsg(self), sizeof(msg));
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:920:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(msg);
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1001:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(query) > MAX_MESSAGE_LEN-2) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1191:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (msgbuffer[0] != '\0' && msgbuffer[strlen(msgbuffer)-1] == '\n')
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.c:1192:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgbuffer[strlen(msgbuffer)-1] = '\0';
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:166:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define PROTOCOL_62(conninfo_) (strncmp((conninfo_)->protocol, PG62, strlen(PG62)) == 0)
data/unixodbc-2.3.6/Drivers/Postgre7.1/connection.h:169:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define PROTOCOL_63(conninfo_) (strncmp((conninfo_)->protocol, PG63, strlen(PG63)) == 0)
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:240:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen (value);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:442:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stmt->bindings[stmt->current_col].data_left = strlen(ptr);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:461:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dplen = strlen(lc->decimal_point);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:465:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&new_string[j], lc->decimal_point, dplen);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:789:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos = strlen(new_statement);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:798:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oldstmtlen = strlen(old_statement);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:821:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(&new_statement[npos], esc, strlen(esc));
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:822:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(esc);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:861:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen("NULL");
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:921:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dplen = strlen(lc->decimal_point);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1069:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(&new_statement[npos]);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1075:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(param_string);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1086:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(tmp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1102:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(tmp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1114:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(tmp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1128:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(tmp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1229:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(param_string);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1241:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(tmp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1249:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(tmp);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1260:85: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_strcpy(&new_statement[npos], sizeof(stmt->stmt_with_params) - npos - 1, cbuf, strlen(cbuf));
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1261:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(&new_statement[npos]);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1269:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(&new_statement[npos]);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1273:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npos += strlen(param_string);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1290:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen (new_statement);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1326:2: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(value, "%32s", key);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1337:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(escape, value, sizeof(escape)-1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1353:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(value, "%32s", key);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1363:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(escape, value, sizeof(escape)-1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1372:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(escape, value, sizeof(escape)-1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1377:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(escape, funcEnd, sizeof(escape)-1-strlen(mapFunc));
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1377:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(escape, funcEnd, sizeof(escape)-1-strlen(mapFunc));
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1392:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i = 0, out = 0, slen=strlen(s);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1492:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int in_len = strlen( si );
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1507:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max = strlen(si);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1571:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i, valen=strlen((char*)value);;
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1642:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t inlen=strlen(in);
data/unixodbc-2.3.6/Drivers/Postgre7.1/convert.c:1667:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t stlen=strlen(in);
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:252:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(ci->protocol, PG62, strlen(PG62)) == 0)
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:254:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strncmp(ci->protocol, PG63, strlen(PG63)) == 0)
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:341:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(&connect_string[strlen(connect_string)],
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:449:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*(DSN+strlen(DSN)-1) == ' ') *(DSN+strlen(DSN)-1) = '\0';
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:449:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (*(DSN+strlen(DSN)-1) == ' ') *(DSN+strlen(DSN)-1) = '\0';
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:478:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( ci->onlyread, "1" );
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:484:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( ci->show_oid_column, "1" );
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:490:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( ci->fake_oid_index, "1" );
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:496:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( ci->row_versioning, "1" );
data/unixodbc-2.3.6/Drivers/Postgre7.1/dlg_specific.c:502:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( ci->show_system_tables, "1" );
data/unixodbc-2.3.6/Drivers/Postgre7.1/drvconn.c:205:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(connStrOut);
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:108:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pcbErrorMsg = (SWORD)strlen(msg);
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:252:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pcbErrorMsg = (SWORD)strlen(msg);
data/unixodbc-2.3.6/Drivers/Postgre7.1/environ.c:349:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pcbErrorMsg = (SWORD)strlen(msg);
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:313:107: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mylog("%s: copying statement params: trans_status=%d, len=%d, stmt='%s'\n", func, conn->transact_status, strlen(stmt->statement), stmt->statement);
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:502:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ptr);
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:753:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = realloc(buffer, strlen(buffer) + strlen(rgbValue) + 1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:753:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer = realloc(buffer, strlen(buffer) + strlen(rgbValue) + 1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/execute.c:761:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mylog(" cbValue = SQL_NTS: strlen(buffer) = %d\n", strlen(buffer));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:656:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1063:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(tables_query, "'");
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1076:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = PG_SQLExecDirect(htbl_stmt, tables_query, strlen(tables_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1141:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strncmp(table_name, POSTGRES_SYS_PREFIX, strlen(POSTGRES_SYS_PREFIX)) == 0)
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1148:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(table_name, prefix[i], strlen(prefix[i])) == 0) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1289:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(columns_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1432:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncmp(table_name, POSTGRES_SYS_PREFIX, strlen(POSTGRES_SYS_PREFIX)) == 0)) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1681:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(columns_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1859:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (SQLCHAR*)table_name, (SWORD) strlen(table_name), (SQLCHAR*)"", 0);
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1884:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (char *)malloc(strlen(column_name)+1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:1915:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = PG_SQLExecDirect(hindx_stmt, index_query, strlen(index_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2211:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = PG_SQLExecDirect(htbl_stmt, tables_query, strlen(tables_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2435:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = PG_SQLExecDirect(htbl_stmt, tables_query, strlen(tables_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2536:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pk_table += strlen(pk_table) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2563:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pkey_ptr += strlen(pkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2574:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pkey_ptr += strlen(pkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2582:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fkey_ptr += strlen(fkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2623:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pkey_ptr += strlen(pkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2656:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fkey_ptr += strlen(fkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2657:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pkey_ptr += strlen(pkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2701:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = PG_SQLExecDirect(htbl_stmt, tables_query, strlen(tables_query));
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2820:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pkey_ptr += strlen(pkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2825:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fk_table += strlen(fk_table) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2830:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fkey_ptr += strlen(fkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2870:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pkey_ptr += strlen(pkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/info.c:2871:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fkey_ptr += strlen(fkey_ptr) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/md5.c:330:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t passwd_len = strlen(passwd);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:146:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  src_len = strlen(src);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:163:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(dst);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:183:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(src) + 1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:205:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(s && (len > 0 || (len == SQL_NTS && strlen(s) > 0))) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:206:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (len > 0) ? len : strlen(s);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:230:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(s && (len > 0 || (len == SQL_NTS && strlen(s) > 0))) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:231:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (len > 0) ? len : strlen(s);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:245:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (s && (len > 0 || (len == SQL_NTS && strlen(s) > 0))) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:246:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = (len > 0) ? len : strlen(s);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:248:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int pos = strlen(buf);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:259:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t stlen=strlen(string);
data/unixodbc-2.3.6/Drivers/Postgre7.1/misc.c:274:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen(s) - 1; i >= 0; i--) {
data/unixodbc-2.3.6/Drivers/Postgre7.1/parse.c:594:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ti[i]->name, (SWORD) strlen(ti[i]->name), "", 0);
data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:275:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(col_name);
data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:561:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);
data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:1189:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (cbCursor == SQL_NTS) ? strlen((char*)szCursor) : cbCursor;
data/unixodbc-2.3.6/Drivers/Postgre7.1/results.c:1228:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(stmt->cursor_name);
data/unixodbc-2.3.6/Drivers/Postgre7.1/socket.c:195:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( path ) > 0 )
data/unixodbc-2.3.6/Drivers/Postgre7.1/socket.c:286:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(string)+1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:365:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( ! strnicmp(statement, Statement_Type[i].s, strlen(Statement_Type[i].s)))
data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:538:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, res->message, sizeof(msg));
data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:542:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, SC_get_errormsg(self), sizeof(msg));
data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:547:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(notice);
data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:560:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(msg);
data/unixodbc-2.3.6/Drivers/Postgre7.1/statement.c:565:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(msg);
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:34:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tuple_field->len = strlen(string);
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:35:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tuple_field->value = malloc(strlen(string)+1);
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:47:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tuple_field->len = strlen(buffer)+1;
data/unixodbc-2.3.6/Drivers/Postgre7.1/tuple.c:58:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tuple_field->len = strlen(buffer)+1;
data/unixodbc-2.3.6/Drivers/nn/connect.c:377:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( upper_strneq(token, keywd, strlen(keywd)) )
data/unixodbc-2.3.6/Drivers/nn/connect.c:391:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( size < strlen(token) + 1 )
data/unixodbc-2.3.6/Drivers/nn/convert.c:67:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(buf);
data/unixodbc-2.3.6/Drivers/nn/convert.c:84:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(buf);
data/unixodbc-2.3.6/Drivers/nn/nnconfig.h:31:27: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  # define STRNCPY(t,s,n) (strncpy((char*)(t), (char*)(s), (size_t)(n)))
data/unixodbc-2.3.6/Drivers/nn/nnconfig.h:33:27: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  # define STRNCAT(t,s,n) (strncat((char*)(t), (char*)(s), (size_t)(n)))
data/unixodbc-2.3.6/Drivers/nn/nnconfig.h:38:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define STRLEN(str) ((str)? strlen((char*)(str)):0)
data/unixodbc-2.3.6/Drivers/nn/yyparse.c:1702:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += strlen(yytname[x]) + 15, count++;
data/unixodbc-2.3.6/Drivers/nn/yyparse.c:1717:4: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(msg, "'");
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:54:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_BASE_COLUMN_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:56:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:59:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_BASE_TABLE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:61:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:67:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_CATALOG_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:69:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:84:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_LABEL, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:86:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:92:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_LITERAL_PREFIX, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:94:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:97:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_LITERAL_SUFFIX, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:99:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:102:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_LOCAL_TYPE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:104:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:107:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:109:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:127:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_SCHEMA_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:129:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:135:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_TABLE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:137:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:143:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pColumnHeader->pszSQL_DESC_TYPE_NAME, nValueLengthMax );
data/unixodbc-2.3.6/Drivers/template/SQLColAttribute.c:145:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnValueLength = strlen( pszValue );
data/unixodbc-2.3.6/Drivers/template/SQLConnect.c:46:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen((char*) szDataSource ) > ODBC_FILENAME_MAX+INI_MAX_OBJECT_NAME )
data/unixodbc-2.3.6/Drivers/template/SQLDescribeCol.c:50:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*) szColName, pColumnHeader->pszSQL_DESC_NAME, nColNameMax );
data/unixodbc-2.3.6/Drivers/template/SQLDescribeCol.c:52:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnColNameLength = strlen((char*) szColName );
data/unixodbc-2.3.6/Drivers/template/SQLGetCursorName.c:41:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*) szCursor, (char*)hStmt->szCursorName, nCursorMaxLength );
data/unixodbc-2.3.6/Drivers/template/SQLGetCursorName.c:46:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ci = strlen((char*) hStmt->szCursorName );
data/unixodbc-2.3.6/Drivers/template/SQLGetDiagRec.c:71:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( (char*)pszMessageText, hMsg->pszMessage, nBufferLength-1 );
data/unixodbc-2.3.6/Drivers/template/SQLGetDiagRec.c:74:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnStringLength = strlen( (char*)hMsg->pszMessage );
data/unixodbc-2.3.6/Drivers/template/SQLSetCursorName.c:38:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char*) hStmt->szCursorName,(char*) szCursor, SQL_MAX_CURSOR_NAME );
data/unixodbc-2.3.6/Drivers/template/_GetData.c:99:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pTarget, pSourceData, nTargetLength );
data/unixodbc-2.3.6/Drivers/template/_GetData.c:101:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pnLengthOrIndicator = strlen(pTarget);
data/unixodbc-2.3.6/cur/SQLGetCursorName.c:72:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( buffer_length < strlen((char*) cl_statement -> cursor_name ) + 1 )
data/unixodbc-2.3.6/cur/SQLGetCursorName.c:91:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *name_length = strlen((char*) cl_statement -> cursor_name );
data/unixodbc-2.3.6/cur/SQLGetData.c:555:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((char*) sql ));
data/unixodbc-2.3.6/cur/SQLGetData.c:562:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen((char*) sql ));
data/unixodbc-2.3.6/cur/SQLSetCursorName.c:71:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen((char*) cursor_name ) > MAX_CURSOR_NAME )
data/unixodbc-2.3.6/exe/isql.c:81:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlhistory = realloc(rlhistory, strlen(rlhistory)+16);
data/unixodbc-2.3.6/exe/isql.c:531:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLabelWidth = strlen((char*) szColumnName );
data/unixodbc-2.3.6/exe/isql.c:684:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy ((char*) szSepLine, "" ) ;
data/unixodbc-2.3.6/exe/isql.c:1010:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = SQLExecDirect( hStmt, (SQLCHAR*)szSQL, strlen( szSQL ));
data/unixodbc-2.3.6/exe/isql.c:1031:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( SQLPrepare( hStmt, (SQLCHAR*)szSQL, strlen( szSQL )) != SQL_SUCCESS )
data/unixodbc-2.3.6/exe/isql.c:1083:9: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy ((char*) szSepLine, "" ) ;
data/unixodbc-2.3.6/exe/isql.c:1583:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat((char*) *szSepLine, "+" );
data/unixodbc-2.3.6/exe/iusql.c:219:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(szSQL, line, buffer_size );
data/unixodbc-2.3.6/exe/iusql.c:242:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(szSQL, line, buffer_size );
data/unixodbc-2.3.6/exe/iusql.c:300:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t DSNlen=strlen( szDSN );
data/unixodbc-2.3.6/exe/iusql.c:314:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t UIDlen=strlen( szUID );
data/unixodbc-2.3.6/exe/iusql.c:328:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t PWDlen=strlen( szPWD );
data/unixodbc-2.3.6/exe/iusql.c:352:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zclen=strlen( zcstr );
data/unixodbc-2.3.6/exe/iusql.c:788:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset( szColumn, '-', max( nMaxLength, strlen((char*)szColumnName) ) + 1 );
data/unixodbc-2.3.6/exe/iusql.c:789:9: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat((char*) szSepLine, "+" );
data/unixodbc-2.3.6/exe/iusql.c:793:67: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf((char*) szColumn, "| %-*s", (int)max( nMaxLength, strlen((char*)szColumnName) ), (char*)szColumnName );
data/unixodbc-2.3.6/exe/iusql.c:842:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen((char*)szColumnValue) < max( nMaxLength, strlen((char*)szColumnName )))
data/unixodbc-2.3.6/exe/iusql.c:842:70: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen((char*)szColumnValue) < max( nMaxLength, strlen((char*)szColumnName )))
data/unixodbc-2.3.6/exe/iusql.c:845:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t maxlen=max( nMaxLength, strlen((char*)szColumnName ));
data/unixodbc-2.3.6/exe/iusql.c:849:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( i = strlen((char*) szColumnValue ); i < maxlen; i ++ )
data/unixodbc-2.3.6/exe/iusql.c:851:25: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat((char*) szColumn, " " );
data/unixodbc-2.3.6/exe/iusql.c:867:76: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf((char*) szColumn, "| %-*s", (int)max( nMaxLength, strlen((char*) szColumnName) ), "" );
data/unixodbc-2.3.6/exe/odbcinst.c:170:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pChar += ( strlen( szObject ) + 1 );
data/unixodbc-2.3.6/exe/odbcinst.c:178:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pChar += ( strlen( szProperty ) + strlen( szValue ) + 2 );
data/unixodbc-2.3.6/exe/odbcinst.c:178:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pChar += ( strlen( szProperty ) + strlen( szValue ) + 2 );
data/unixodbc-2.3.6/exe/odbcinst.c:246:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen( ptr ) + 1;
data/unixodbc-2.3.6/exe/odbcinst.c:262:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen( ptr ) + 1;
data/unixodbc-2.3.6/exe/odbcinst.c:428:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen( ptr ) + 1;
data/unixodbc-2.3.6/exe/odbcinst.c:445:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen( ptr ) + 1;
data/unixodbc-2.3.6/exe/odbcinst.c:537:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( szObjectName, argv[nArg+1], INI_MAX_OBJECT_NAME );
data/unixodbc-2.3.6/exe/odbcinst.c:541:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( szTemplateINI, argv[nArg+1], ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/extras/vms.c:101:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  imgfab.fab$b_fns = (int) strlen (local_fspec);
data/unixodbc-2.3.6/extras/vms.c:117:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  imgfab.fab$b_dns = strlen(defimg);
data/unixodbc-2.3.6/extras/vms.c:129:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  imgfab.fab$b_dns = strlen(defimg);
data/unixodbc-2.3.6/extras/vms.c:182:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dh->symdes.dsc$w_length = strlen (name);
data/unixodbc-2.3.6/extras/vms.c:356:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  crelnmlst[index].buflen = strlen(search_dir);
data/unixodbc-2.3.6/extras/vms.c:396:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  logicalname.dsc$w_length = strlen (symbol);
data/unixodbc-2.3.6/ini/_iniPropertyRead.c:28:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( pszPropertyName, "" );
data/unixodbc-2.3.6/ini/_iniPropertyRead.c:29:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( pszPropertyValue, "" );
data/unixodbc-2.3.6/ini/iniAllTrim.c:40:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( nForwardCursor=strlen(pszString)-1;
data/unixodbc-2.3.6/ini/iniAppend.c:29:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strlen( pszFileName ) > ODBC_FILENAME_MAX )
data/unixodbc-2.3.6/ini/iniObject.c:31:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszObject, hIni->hCurObject->szName, INI_MAX_OBJECT_NAME );
data/unixodbc-2.3.6/ini/iniObjectInsert.c:28:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( szObjectName, pszObject, INI_MAX_OBJECT_NAME );
data/unixodbc-2.3.6/ini/iniObjectInsert.c:39:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hObject->szName, szObjectName, INI_MAX_OBJECT_NAME );
data/unixodbc-2.3.6/ini/iniObjectUpdate.c:27:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hIni->hCurObject->szName, pszObject, INI_MAX_OBJECT_NAME );
data/unixodbc-2.3.6/ini/iniOpen.c:93:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = read(fp, &ch, 1);
data/unixodbc-2.3.6/ini/iniOpen.c:188:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*hIni)->szFileName, pszFileName, ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/ini/iniOpen.c:190:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy((*hIni)->szFileName, "stdin", ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/ini/iniOpen.c:192:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy((*hIni)->szFileName, "", ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/ini/iniOpen.c:282:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PropertyNumber = PropertyNumber + strlen(szPropertyName) + 1;
data/unixodbc-2.3.6/ini/iniOpen.c:287:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ObjectNumber = ObjectNumber + strlen(szObjectName) + 1;
data/unixodbc-2.3.6/ini/iniOpen.c:367:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((*hIni)->szFileName, pszFileName, ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/ini/iniOpen.c:369:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy((*hIni)->szFileName, "stdin", ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/ini/iniOpen.c:371:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy((*hIni)->szFileName, "", ODBC_FILENAME_MAX );
data/unixodbc-2.3.6/ini/iniProperty.c:30:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszProperty, hIni->hCurProperty->szName, INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/ini/iniPropertyInsert.c:34:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hProperty->szName, pszProperty, INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/ini/iniPropertyInsert.c:35:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hProperty->szValue, pszValue, INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/ini/iniPropertyUpdate.c:30:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hIni->hCurProperty->szName, pszProperty, INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/ini/iniPropertyUpdate.c:31:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hIni->hCurProperty->szValue, pszValue, INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/ini/iniPropertyValue.c:25:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( pszValue, "" );
data/unixodbc-2.3.6/ini/iniPropertyValue.c:26:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( szBuffer, pszString, INI_MAX_LINE );
data/unixodbc-2.3.6/ini/iniPropertyValue.c:37:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( strncmp( pProperty, pszProperty, strlen(pszProperty) ) == 0 )
data/unixodbc-2.3.6/ini/iniPropertyValue.c:47:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, pValue, INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/ini/iniValue.c:33:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( pszValue, hIni->hCurProperty->szValue, INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/libltdl/libltdl/lt__dirent.h:46:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define D_NAMLEN(dirent) (strlen((dirent)->d_name))
data/unixodbc-2.3.6/libltdl/libltdl/lt__dirent.h:54:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define D_NAMLEN(dirent) (strlen((dirent)->d_name))
data/unixodbc-2.3.6/libltdl/loaders/dlopen.c:222:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *attempt = MALLOC (char, len + strlen (member) + 1);
data/unixodbc-2.3.6/libltdl/loaders/loadlibrary.c:179:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (wpath);
data/unixodbc-2.3.6/libltdl/lt__alloc.c:95:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (char *) lt__memdup (string, strlen (string) +1);
data/unixodbc-2.3.6/libltdl/lt__argz.c:91:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  argz_len = 1+ strlen (str);
data/unixodbc-2.3.6/libltdl/lt__argz.c:141:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return argz_append (pargz, pargz_len, entry, 1+ strlen (entry));
data/unixodbc-2.3.6/libltdl/lt__argz.c:150:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t entry_len = 1+ strlen (entry);
data/unixodbc-2.3.6/libltdl/lt__dirent.c:101:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  entry->file_info.d_namlen = strlen (entry->file_info.d_name);
data/unixodbc-2.3.6/libltdl/lt__strl.c:61:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length=strlen(dst);
data/unixodbc-2.3.6/libltdl/ltdl.c:1293:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archive_name = MALLOC (char, strlen (libprefix) + LT_STRLEN (name) + strlen (libext) + 2);
data/unixodbc-2.3.6/libltdl/ltdl.c:1293:73: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archive_name = MALLOC (char, strlen (libprefix) + LT_STRLEN (name) + strlen (libext) + 2);
data/unixodbc-2.3.6/libltdl/ltdl.c:1731:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  error = argz_append (pargz, pargz_len, entry, 1 + strlen (entry));
data/unixodbc-2.3.6/libltdl/ltdl.c:1821:3: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat (buf, "/");
data/unixodbc-2.3.6/libltdl/ltdl.c:1822:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat (buf, dp->d_name, end_offset);
data/unixodbc-2.3.6/libltdl/ltdl.c:2166:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert ((int) (before - *ppath) <= (int) strlen (*ppath));
data/unixodbc-2.3.6/libltdl/ltdl.h:44:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define LT_STRLEN(s) (((s) && (s)[0]) ? strlen (s) : 0)
data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:198:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( (*hFirstProperty)->szName, "Name", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:199:2: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy( (*hFirstProperty)->szValue, "" );
data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:212:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Description", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:213:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( hLastProperty->szValue, pszDriver, INI_MAX_PROPERTY_VALUE );
data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:225:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy( hLastProperty->szName, "Driver", INI_MAX_PROPERTY_NAME );
data/unixodbc-2.3.6/odbcinst/ODBCINSTConstructProperties.c:226:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy( hLastProperty->szValue, pszDriver, INI_MAX_PROPERTY_VALUE ); data/unixodbc-2.3.6/odbcinst/ODBCINSTSetProperty.c:43:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( hCurProperty->szValue, pszValue, INI_MAX_PROPERTY_VALUE ); data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:56:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen( szObjectName )+1) > (nBufMax - nBufPos) ) data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:59:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( &(pszBuf[nBufPos]), szObjectName, nToCopySize ); data/unixodbc-2.3.6/odbcinst/SQLGetInstalledDrivers.c:66:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nBufPos += strlen( szObjectName )+1; data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:191:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( nRetBuffer < strlen( ini_cache -> value )) { data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:192:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pRetBuffer, ini_cache -> value, nRetBuffer ); data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:420:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy( pRetBuffer, pszDefault, nRetBuffer ); data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:569:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pRetBuffer, pszDefault, nRetBuffer ); data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:578:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pRetBuffer, szValue, nRetBuffer ); data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:581:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nBufPos = strlen( szValue ); data/unixodbc-2.3.6/odbcinst/SQLGetPrivateProfileString.c:587:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = strlen( pRetBuffer ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:169:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( odbcinst_system_file_path( b1 )) < nPathOutMax ) data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:175:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszPathOut, odbcinst_system_file_path( b1 ), nPathOutMax ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:184:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( strlen( pszPathIn ) < nPathOutMax ) data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:190:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszPathOut, pszPathIn, nPathOutMax ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:200:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pnPathOut = strlen( odbcinst_system_file_path( b1 )); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverEx.c:204:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pnPathOut = strlen( pszPathIn ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverManager.c:38:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszPath, szIniName, nPathMax ); data/unixodbc-2.3.6/odbcinst/SQLInstallDriverManager.c:40:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pnPathOut = strlen( pszPath ); data/unixodbc-2.3.6/odbcinst/SQLInstallerError.c:117:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pnErrorMsg = strlen( pszText ); data/unixodbc-2.3.6/odbcinst/SQLInstallerError.c:122:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy( pszErrorMsg, pszText, nErrorMsgMax ); data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:78:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( SHLIBEXT ) > 0 ) data/unixodbc-2.3.6/odbcinst/SQLManageDataSources.c:99:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( DEFLIB_PATH ) > 0 ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:34:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + strlen( szPropertyName ) < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:34:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + strlen( szPropertyName ) < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:37:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + 1 < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:39:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( pRetBuffer, "=" ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:40:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( strlen( pRetBuffer ) + strlen( szValueName ) < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:40:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + strlen( szValueName ) < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:43:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + 1 < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:45:25: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat( pRetBuffer, ";" ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:72:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + strlen( szObjectName ) + 1 < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:72:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pRetBuffer ) + strlen( szObjectName ) + 1 < nRetBuffer ) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:75:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat( pRetBuffer, ";" ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:112:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( pszFileName && strlen( pszFileName ) > ODBC_FILENAME_MAX ) { data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:125:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( szFileName ) < 4 || strcmp( szFileName + strlen( szFileName ) - 4, ".dsn" )) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:125:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( szFileName ) < 4 || strcmp( szFileName + strlen( szFileName ) - 4, ".dsn" )) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:152:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( szFileName ) < 4 || strcmp( szFileName + strlen( szFileName ) - 4, ".dsn" )) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:152:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( szFileName ) < 4 || strcmp( szFileName + strlen( szFileName ) - 4, ".dsn" )) data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:194:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszString, szValue, nString ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:196:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nBufPos = strlen( szValue ); data/unixodbc-2.3.6/odbcinst/SQLReadFileDSN.c:207:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pnString = strlen( pszString ); data/unixodbc-2.3.6/odbcinst/SQLValidDSN.c:23:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pszDSN ) < 1 || strlen( pszDSN ) > SQL_MAX_DSN_LENGTH ) data/unixodbc-2.3.6/odbcinst/SQLValidDSN.c:23:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( pszDSN ) < 1 || strlen( pszDSN ) > SQL_MAX_DSN_LENGTH ) data/unixodbc-2.3.6/odbcinst/SQLWriteFileDSN.c:24:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( szFileName, pszFileName, sizeof(szFileName) - 5 ); data/unixodbc-2.3.6/odbcinst/SQLWriteFileDSN.c:34:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( szFileName ) < 4 || strcmp( szFileName + strlen( szFileName ) - 4, ".dsn" )) data/unixodbc-2.3.6/odbcinst/SQLWriteFileDSN.c:34:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen( szFileName ) < 4 || strcmp( szFileName + strlen( szFileName ) - 4, ".dsn" )) data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:96:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if ( nBufPos + 1 + strlen( szObjectName ) >= nRetBuffer ) data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:103:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen( ptr ) + 1; data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:104:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nBufPos += strlen( szObjectName ) + 1; data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:132:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( nBufPos + 1 + strlen( szPropertyName ) >= nRetBuffer ) data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:139:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen( ptr ) + 1; data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:140:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nBufPos += strlen( szPropertyName ) + 1; data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:163:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( (char *)pRetBuffer, pszDefault, nRetBuffer ); data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:171:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nStrToCopy = strlen( szValue ) + 1; /* factor NULL terminator for string */ data/unixodbc-2.3.6/odbcinst/_SQLGetInstalledDrivers.c:174:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( (char *)&(pRetBuffer[nBufPos]), szValue, nStrToCopy ); data/unixodbc-2.3.6/odbcinst/_odbcinst_GetEntries.c:37:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( *pnBufPos + 1 + strlen( szPropertyName ) >= nRetBuffer ) data/unixodbc-2.3.6/odbcinst/_odbcinst_GetEntries.c:44:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen( ptr ) + 1; data/unixodbc-2.3.6/odbcinst/_odbcinst_GetEntries.c:45:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*pnBufPos) += strlen( szPropertyName ) + 1; data/unixodbc-2.3.6/odbcinst/_odbcinst_GetSections.c:38:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ( *pnBufPos + 1 + strlen( szObjectName ) >= nRetBuffer ) data/unixodbc-2.3.6/odbcinst/_odbcinst_GetSections.c:45:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen( ptr ) + 1; data/unixodbc-2.3.6/odbcinst/_odbcinst_GetSections.c:46:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(*pnBufPos) += strlen( szObjectName ) + 1; data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:94:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( buffer, path, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:95:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( save_path, buffer, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:117:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( buffer, path, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:118:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( save_path, buffer, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:153:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( buffer, path, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_SystemINI.c:154:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( save_path, buffer, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:31:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy( pszFileName, szEnv_INIUSER, ODBC_FILENAME_MAX ); data/unixodbc-2.3.6/odbcinst/_odbcinst_UserINI.c:81:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy( pszFileName, szEnv_INIUSER, ODBC_FILENAME_MAX );

ANALYSIS SUMMARY:

Hits = 3059
Lines analyzed = 148039 in approximately 3.66 seconds (40483 lines/second)
Physical Source Lines of Code (SLOC) = 91779
Hits@level = [0] 345 [1] 717 [2] 1659 [3] 16 [4] 665 [5] 2
Hits@level+ = [0+] 3404 [1+] 3059 [2+] 2342 [3+] 683 [4+] 667 [5+] 2
Hits/KSLOC@level+ = [0+] 37.0891 [1+] 33.3301 [2+] 25.5178 [3+] 7.44179 [4+] 7.26746 [5+] 0.0217915
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.