Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/vile-9.8u/ansi.c Examining data/vile-9.8u/api.c Examining data/vile-9.8u/api.h Examining data/vile-9.8u/basic.c Examining data/vile-9.8u/bind.c Examining data/vile-9.8u/blist.c Examining data/vile-9.8u/blist.h Examining data/vile-9.8u/borland.c Examining data/vile-9.8u/btree.c Examining data/vile-9.8u/btree.h Examining data/vile-9.8u/buffer.c Examining data/vile-9.8u/builtflt.c Examining data/vile-9.8u/charsets.c Examining data/vile-9.8u/chgdfunc.h Examining data/vile-9.8u/csrch.c Examining data/vile-9.8u/curses.c Examining data/vile-9.8u/dirstuff.h Examining data/vile-9.8u/display.c Examining data/vile-9.8u/djhandl.c Examining data/vile-9.8u/dumbterm.c Examining data/vile-9.8u/edef.h Examining data/vile-9.8u/eightbit.c Examining data/vile-9.8u/encrypt.c Examining data/vile-9.8u/estruct.h Examining data/vile-9.8u/eval.c Examining data/vile-9.8u/exec.c Examining data/vile-9.8u/externs.c Examining data/vile-9.8u/fences.c Examining data/vile-9.8u/file.c Examining data/vile-9.8u/filec.c Examining data/vile-9.8u/fileio.c Examining data/vile-9.8u/filters/atr2ansi.c Examining data/vile-9.8u/filters/atr2html.c Examining data/vile-9.8u/filters/atr2text.c Examining data/vile-9.8u/filters/c-filt.c Examining data/vile-9.8u/filters/ecrypt.c Examining data/vile-9.8u/filters/filterio.c Examining data/vile-9.8u/filters/filters.c Examining data/vile-9.8u/filters/filters.h Examining data/vile-9.8u/filters/flt_defs.h Examining data/vile-9.8u/filters/fltstack.h Examining data/vile-9.8u/filters/genmake.c Examining data/vile-9.8u/filters/key-filt.c Examining data/vile-9.8u/filters/m4-filt.c Examining data/vile-9.8u/filters/manfilt.c Examining data/vile-9.8u/filters/pl-filt.c Examining data/vile-9.8u/filters/pl6filt.c Examining data/vile-9.8u/filters/rubyfilt.c Examining data/vile-9.8u/filters/sed-filt.c Examining data/vile-9.8u/filters/tagsfilt.c Examining data/vile-9.8u/filters/unfilter.c Examining data/vile-9.8u/filters/unfilter.h Examining data/vile-9.8u/finderr.c Examining data/vile-9.8u/glob.c Examining data/vile-9.8u/globals.c Examining data/vile-9.8u/gnreight.h Examining data/vile-9.8u/gppconio.c Examining data/vile-9.8u/history.c Examining data/vile-9.8u/input.c Examining data/vile-9.8u/insert.c Examining data/vile-9.8u/isearch.c Examining data/vile-9.8u/itbuff.c Examining data/vile-9.8u/lckfiles.c Examining data/vile-9.8u/line.c Examining data/vile-9.8u/main.c Examining data/vile-9.8u/makeargv.c Examining data/vile-9.8u/makeargv.h Examining data/vile-9.8u/map.c Examining data/vile-9.8u/menu.c Examining data/vile-9.8u/mktbls.c Examining data/vile-9.8u/modes.c Examining data/vile-9.8u/msgs.c Examining data/vile-9.8u/npopen.c Examining data/vile-9.8u/ntconio.c Examining data/vile-9.8u/ntwinio.c Examining data/vile-9.8u/nullterm.c Examining data/vile-9.8u/oneliner.c Examining data/vile-9.8u/opers.c Examining data/vile-9.8u/os2keys.h Examining data/vile-9.8u/os2pipe.c Examining data/vile-9.8u/os2vio.c Examining data/vile-9.8u/package/freebsd/xvile/files/patch-x11menu.c Examining data/vile-9.8u/package/freebsd/xvile/files/patch-x11vile.h Examining data/vile-9.8u/patchlev.h Examining data/vile-9.8u/path.c Examining data/vile-9.8u/plugin.c Examining data/vile-9.8u/plugin.h Examining data/vile-9.8u/plugins/test.c Examining data/vile-9.8u/proto.h Examining data/vile-9.8u/pscreen.h Examining data/vile-9.8u/random.c Examining data/vile-9.8u/regexp.c Examining data/vile-9.8u/region.c Examining data/vile-9.8u/search.c Examining data/vile-9.8u/select.c Examining data/vile-9.8u/spawn.c Examining data/vile-9.8u/statevar.c Examining data/vile-9.8u/tags.c Examining data/vile-9.8u/tbuff.c Examining data/vile-9.8u/tcap.c Examining data/vile-9.8u/tcap.h Examining data/vile-9.8u/termio.c Examining data/vile-9.8u/test_io.c Examining data/vile-9.8u/trace.c Examining data/vile-9.8u/trace.h Examining data/vile-9.8u/ucrypt.c Examining data/vile-9.8u/undo.c Examining data/vile-9.8u/version.c Examining data/vile-9.8u/visvile/commands.cpp Examining data/vile-9.8u/visvile/commands.h Examining data/vile-9.8u/visvile/dsaddin.cpp Examining data/vile-9.8u/visvile/dsaddin.h Examining data/vile-9.8u/visvile/oleauto.cpp Examining data/vile-9.8u/visvile/oleauto.h Examining data/vile-9.8u/visvile/resource.h Examining data/vile-9.8u/visvile/stdafx.cpp Examining data/vile-9.8u/visvile/stdafx.h Examining data/vile-9.8u/visvile/visvile.cpp Examining data/vile-9.8u/visvile/visvile.h Examining data/vile-9.8u/vl_alloc.h Examining data/vile-9.8u/vl_crypt.h Examining data/vile-9.8u/vl_ctype.c Examining data/vile-9.8u/vl_ctype.h Examining data/vile-9.8u/vl_regex.h Examining data/vile-9.8u/vl_stdio.h Examining data/vile-9.8u/vms2unix.c Examining data/vile-9.8u/vmspipe.c Examining data/vile-9.8u/vmsvt.c Examining data/vile-9.8u/w32cbrd.c Examining data/vile-9.8u/w32cmd.c Examining data/vile-9.8u/w32misc.c Examining data/vile-9.8u/w32ole.cpp Examining data/vile-9.8u/w32ole.h Examining data/vile-9.8u/w32oo.cpp Examining data/vile-9.8u/w32pipe.c Examining data/vile-9.8u/w32reg.c Examining data/vile-9.8u/w32reg.h Examining data/vile-9.8u/w32vile.h Examining data/vile-9.8u/watch.c Examining data/vile-9.8u/wcwidth.c Examining data/vile-9.8u/wcwidth.h Examining data/vile-9.8u/window.c Examining data/vile-9.8u/winvile.h Examining data/vile-9.8u/word.c Examining data/vile-9.8u/wordmov.c Examining data/vile-9.8u/wvwrap.cpp Examining data/vile-9.8u/x11.c Examining data/vile-9.8u/x11menu.c Examining data/vile-9.8u/x11plain.c Examining data/vile-9.8u/x11vile.h Examining data/vile-9.8u/xterm.c Examining data/vile-9.8u/xtermkeys.h FINAL RESULTS: data/vile-9.8u/file.c:2456:15: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. (void) chmod(SL_TO_BSL(fn), (mode_t) (protection data/vile-9.8u/file.c:2462:11: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. (void) chmod(SL_TO_BSL(fn), (mode_t) protection); data/vile-9.8u/fileio.c:166:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. s = chmod(SL_TO_BSL(backup), ostat.st_mode & (S_IREAD | S_IWRITE)); data/vile-9.8u/fileio.c:168:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. s = chmod(SL_TO_BSL(backup), ostat.st_mode & 0777); data/vile-9.8u/path.c:706:13: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. || (got = readlink(temp_name, data/vile-9.8u/proto.h:1844:12: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. extern int readlink (const char *path, char *buffer, size_t size); data/vile-9.8u/bind.c:1126:18: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). result = strcat(strcat(strcpy(dst, "\""), src), "\""); data/vile-9.8u/bind.c:1698:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). leaf = pathleaf(lengthen_path(strcpy(dname, fname))); data/vile-9.8u/bind.c:2055:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, src); \ data/vile-9.8u/bind.c:2117:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, temp); data/vile-9.8u/bind.c:2177:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(seq, temp + 1); data/vile-9.8u/borland.c:361:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(current_res_name, res); data/vile-9.8u/btree.c:71:21: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define TRACE(p) printf p ; fflush(stdout) data/vile-9.8u/buffer.c:1872:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(dst, src); data/vile-9.8u/buffer.c:1889:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(&dst[len + 1], SCRTCH_RIGHT); data/vile-9.8u/builtflt.c:136:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "vile-%s-filt", current_filter->filter_name); data/vile-9.8u/builtflt.c:139:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(command, s); data/vile-9.8u/builtflt.c:217:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(defining, "define_%s", name); data/vile-9.8u/builtflt.c:218:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(leafname, "vile-%s-filt.so", name); data/vile-9.8u/builtflt.c:494:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, separator); data/vile-9.8u/builtflt.c:517:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer + used, separator); data/vile-9.8u/eightbit.c:298:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, wide); data/vile-9.8u/eightbit.c:316:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(exp->startp[0], on_right); data/vile-9.8u/eightbit.c:317:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(exp->startp[0], save); data/vile-9.8u/eightbit.c:635:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "CP%s", suffix); data/vile-9.8u/encrypt.c:251:1: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. crypt(const char *wort, const char *salt) data/vile-9.8u/estruct.h:3028:55: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define GCC_PRINTFLIKE(fmt,var) __attribute__((format(printf,fmt,var))) data/vile-9.8u/eval.c:3113:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). result = lengthen_path(strcpy(tb_values(tkbuf), argp)); data/vile-9.8u/file.c:378:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). mklower(strcpy(temp2, bp->b_fname)); data/vile-9.8u/file.c:2021:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(bcp, SCRTCH_RIGHT); data/vile-9.8u/file.c:2036:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(bname, NO_BNAME); data/vile-9.8u/file.c:2054:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). j = strlen(strcpy(name, NO_BNAME)); data/vile-9.8u/file.c:2076:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&newname[k - 1], suffixbuf); data/vile-9.8u/file.c:2077:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newname, SCRTCH_RIGHT); data/vile-9.8u/file.c:2079:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&newname[k], suffixbuf); data/vile-9.8u/file.c:2818:10: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). if (mktemp(dirnam) != 0 && *dirnam != '\0') { data/vile-9.8u/file.c:2895:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(strcpy(temp, "V"), bp->b_bname), data/vile-9.8u/file.c:2975:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. IGNORE_RC(system(cmd)); data/vile-9.8u/filec.c:182:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(lvalue(np), text); data/vile-9.8u/filec.c:580:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, fb.achName); data/vile-9.8u/filec.c:626:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(leaf, de->d_name); data/vile-9.8u/filec.c:630:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) mklower(strcpy(leaf, de->d_name)); data/vile-9.8u/filec.c:967:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(frac, s); data/vile-9.8u/filec.c:973:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(frac, s); data/vile-9.8u/filec.c:992:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(path, frac); data/vile-9.8u/filec.c:1117:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(buf, path + oldlen); data/vile-9.8u/filec.c:1288:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(result, Reply); data/vile-9.8u/filec.c:1347:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) tb_scopy(buffer, strcpy(result, Reply)); data/vile-9.8u/fileio.c:433:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strip_version(fn = strcpy(temp, fn)); data/vile-9.8u/fileio.c:484:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. && access(SL_TO_BSL(fn), n) == 0); data/vile-9.8u/filters/ecrypt.c:297:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, table[n], prog); data/vile-9.8u/filters/ecrypt.c:308:27: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. char *userkey = (char *) getpass("Enter key: "); data/vile-9.8u/filters/filterio.c:201:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) vfprintf(stderr, fmt, ap); data/vile-9.8u/filters/filterio.c:218:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) vfprintf(stderr, fmt, ap); data/vile-9.8u/filters/filterio.c:239:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(desktop, "%s%s", drive, result); data/vile-9.8u/filters/filterio.c:256:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/vile-9.8u/filters/filterio.c:276:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(ns, src); data/vile-9.8u/filters/filters.c:399:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define FIND_IT(p) sprintf p; OPEN_IT(str_keyword_name) data/vile-9.8u/filters/filters.c:414:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str_keyword_file, "%s%s", table_name, suffix); data/vile-9.8u/filters/filters.c:435:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(myLeaf, "%s%s%c", DOT_TO_HIDE_IT, MY_NAME, PATHSEP); data/vile-9.8u/filters/filters.h:141:47: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define FLEX_PRINTF(param) if (yy_flex_debug) fprintf param data/vile-9.8u/filters/genmake.c:59:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(d, "%s ", program); data/vile-9.8u/filters/genmake.c:74:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(d, list[*s - 'i']); data/vile-9.8u/filters/genmake.c:174:4: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(output); /* won't work on VMS */ data/vile-9.8u/filters/m4-filt.c:18:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DPRINTF(params) if(FltOptions('d'))printf params data/vile-9.8u/filters/m4-filt.c:114:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q->text, s); data/vile-9.8u/filters/pl-filt.c:32:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DPRINTF(params) if(FltOptions('d'))printf params data/vile-9.8u/filters/pl6filt.c:32:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DPRINTF(params) if(FltOptions('d'))printf params data/vile-9.8u/filters/rubyfilt.c:35:44: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define DPRINTF(params) if(FltOptions('d'))printf params data/vile-9.8u/finderr.c:910:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(name, febuff); data/vile-9.8u/glob.c:432:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(leaf, de->d_name); data/vile-9.8u/glob.c:443:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(leaf, de->d_name); data/vile-9.8u/glob.c:455:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, next); data/vile-9.8u/glob.c:554:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) mklower(strcpy(leaf, fb.achName)); data/vile-9.8u/glob.c:565:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, next); data/vile-9.8u/glob.c:760:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(pattern + j, s); data/vile-9.8u/glob.c:761:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(pattern, save); data/vile-9.8u/glob.c:796:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(actual, item); data/vile-9.8u/glob.c:822:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(temp, de->d_name); data/vile-9.8u/glob.c:890:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *cp = pathleaf(strcpy(temp, strcpy(path, item))); data/vile-9.8u/glob.c:890:38: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *cp = pathleaf(strcpy(temp, strcpy(path, item))); data/vile-9.8u/glob.c:895:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(cp, DirEntryStr(p)); data/vile-9.8u/glob.c:1129:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(path, expand[0]); data/vile-9.8u/gppconio.c:582:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. cnt = vsprintf(buf, fmt, ap); data/vile-9.8u/input.c:250:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cbuf, tb_values(result)); data/vile-9.8u/lckfiles.c:73:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(lockfile, "%s.lck", fname); data/vile-9.8u/main.c:1337:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(dst, src); data/vile-9.8u/makeargv.c:88:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(blob, cmdline); data/vile-9.8u/menu.c:169:3: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(path, data/vile-9.8u/mktbls.c:135:23: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define Fprintf (void)fprintf data/vile-9.8u/mktbls.c:136:23: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define Sprintf (void)sprintf data/vile-9.8u/mktbls.c:139:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern int fprintf(FILE *fp, const char *fmt, ...); data/vile-9.8u/mktbls.c:345:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return strcpy(Alloc(strlen(s) + 1), s); data/vile-9.8u/mktbls.c:466:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(dst, src); data/vile-9.8u/mktbls.c:848:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(base, temp); data/vile-9.8u/mktbls.c:850:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(strcat(strcpy(base + 2, "no"), temp + 2), "+2"); data/vile-9.8u/mktbls.c:1182:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(p->Name, "%s\n%s\n%s", norm, type, abbr) != 3) data/vile-9.8u/mktbls.c:1258:10: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. count = sscanf(p->Name, "%s\n%s\n%s", full_name, type_name, part_name); data/vile-9.8u/mktbls.c:1373:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(p->Name, "%s\n%s\n%s", data/vile-9.8u/mktbls.c:1636:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(p->Name, "%s\n%s", norm, type) != 2) data/vile-9.8u/mktbls.c:1666:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(p->Name, "%s\n%s", norm, type) != 2) data/vile-9.8u/mktbls.c:1826:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(old_cond, cond); data/vile-9.8u/mktbls.c:2175:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cum_defn, KEYTOKEN); data/vile-9.8u/mktbls.c:2200:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. defp += sprintf(defp, "|%s", match); data/vile-9.8u/modes.c:2257:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(prompt, reply); data/vile-9.8u/modes.c:4714:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tb_values(savename) + (exp->startp[0] - pathname), data/vile-9.8u/npopen.c:217:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void) execlp(sh, shname, SHELL_C, cmd, (void *) 0); data/vile-9.8u/npopen.c:219:9: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void) execlp(sh, shname, (void *) 0); data/vile-9.8u/npopen.c:386:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myRval = system(cmd); data/vile-9.8u/npopen.c:421:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myRval = system(cmd); data/vile-9.8u/ntwinio.c:321:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp, "%s+%X", table[n].name, remainder); data/vile-9.8u/ntwinio.c:689:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prompt, "Palette value (%s): ", table[count].name); data/vile-9.8u/ntwinio.c:1388:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str_rslts.face, result_face); data/vile-9.8u/ntwinio.c:1499:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/vile-9.8u/ntwinio.c:2343:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s\t%s", ptbl->menu_name, accel); data/vile-9.8u/ntwinio.c:2415:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "About %s", prognam); data/vile-9.8u/ntwinio.c:2420:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s\n%s%s", prognam, version, VILE_PATCHLEVEL); data/vile-9.8u/ntwinio.c:2425:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/vile-9.8u/ntwinio.c:4621:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s = buf, fmt1, prognam); data/vile-9.8u/ntwinio.c:4629:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s, fmt2, temp, skip_cblanks(options[n] + need)); data/vile-9.8u/ntwinio.c:4631:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s, fmt3, options[n]); data/vile-9.8u/nullterm.c:37:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, (nc ? " %d" : "%d"), nc); data/vile-9.8u/nullterm.c:39:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(value, temp); data/vile-9.8u/os2pipe.c:66:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "/C %s", command); data/vile-9.8u/path.c:305:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(dst, leaf); data/vile-9.8u/path.c:313:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). have = strlen(strcpy(dst, path)); data/vile-9.8u/path.c:318:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s + 1, leaf); data/vile-9.8u/path.c:323:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(dst, leaf); data/vile-9.8u/path.c:325:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). have = strlen(strcpy(dst, path)); data/vile-9.8u/path.c:336:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s + 1, leaf); data/vile-9.8u/path.c:342:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(dst, leaf); data/vile-9.8u/path.c:687:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(temp_name, path_name); data/vile-9.8u/path.c:722:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(tnp, target); data/vile-9.8u/path.c:724:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(temp_name, target); data/vile-9.8u/path.c:968:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(sofar, actual); data/vile-9.8u/path.c:1026:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(tmp_file, old_file); data/vile-9.8u/path.c:1031:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) mklower(strcpy(new_file, old_file)); data/vile-9.8u/path.c:1070:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(sofar, fb.achName); data/vile-9.8u/path.c:1154:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, real); data/vile-9.8u/path.c:1170:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, pathcat(temp, head, leaf)); data/vile-9.8u/path.c:1172:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, head); data/vile-9.8u/path.c:1270:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(ss, current_directory(FALSE)); data/vile-9.8u/path.c:1361:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(temp, cwd); data/vile-9.8u/path.c:1379:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(path, strcat(temp, ff)); data/vile-9.8u/path.c:1379:25: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcpy(path, strcat(temp, ff)); data/vile-9.8u/path.c:1403:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(path, vl_strncat(temp, ff + 1, sizeof(temp))); data/vile-9.8u/path.c:1406:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(path, vl_strncat(temp, ff, sizeof(temp))); data/vile-9.8u/path.c:1416:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(path, data/vile-9.8u/path.c:1508:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return strcpy(path, temp); data/vile-9.8u/path.c:1541:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return strcpy(path, my_esa); data/vile-9.8u/path.c:1553:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, temp); data/vile-9.8u/path.c:1802:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) mkupper(strcpy(ftype, s)); data/vile-9.8u/path.c:1923:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(buf, fname); data/vile-9.8u/path.c:2201:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, find); data/vile-9.8u/path.c:2248:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(trunc_buf, path); /* fits -- no issues */ data/vile-9.8u/path.c:2257:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(trunc_buf, path + path_len - max_len); data/vile-9.8u/plugin.c:35:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(leafname, PLUGIN_SO_FMT, name); data/vile-9.8u/plugin.c:36:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(symname, PLUGIN_INIT_NAME, name); data/vile-9.8u/proto.h:1385:15: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. extern char * crypt (const char *key, const char *salt); data/vile-9.8u/proto.h:1716:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. extern int access (const char *path, int mode); data/vile-9.8u/proto.h:1734:12: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern int execlp (const char *path, ...); data/vile-9.8u/proto.h:1749:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern int fprintf (FILE *fp, const char *fmt, ...); data/vile-9.8u/proto.h:1773:15: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. extern char * getpass (const char *prompt); data/vile-9.8u/proto.h:1829:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern FILE * popen (const char *cmd, const char *mode); data/vile-9.8u/proto.h:1832:12: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern int printf (const char *fmt, ...); data/vile-9.8u/proto.h:1882:12: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. extern int sscanf (const char *src, const char *fmt, ...); data/vile-9.8u/proto.h:1894:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern int system (const char *cmd); data/vile-9.8u/random.c:1207:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(cwds[n], current_directory(TRUE)); data/vile-9.8u/random.c:1230:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(cwds[n], s); data/vile-9.8u/random.c:1383:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(exdp, prevdir); data/vile-9.8u/random.c:1449:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newdir, "%s%s", cdpathdir, &exdp[1]); data/vile-9.8u/random.c:1458:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newdir, "%s%s", cdpathdir, exdp); data/vile-9.8u/random.c:1543:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(np, fname); data/vile-9.8u/random.c:1574:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(bp->b_fname, np); data/vile-9.8u/random.c:1871:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirstack[dirs_idx++], dir); data/vile-9.8u/random.c:1941:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirstack[dirs_idx - 1], oldcwd); data/vile-9.8u/random.c:1958:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirstack[uindx], oldcwd); data/vile-9.8u/random.c:2157:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rslt, "%4s%4s %s", bufup, bufdn, current_directory(TRUE)); data/vile-9.8u/random.c:2164:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(rslt, "\n%4s%4s %s", bufup, bufdn, dirstack[i]); data/vile-9.8u/regexp.c:2573:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp, "%2d%s", (int) (s - program), regprop(s)); /* Where, what. */ data/vile-9.8u/regexp.c:2676:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(STRSKIP(buf), "%s%c", OP(op) == RSIMPLE data/vile-9.8u/regexp.c:2693:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(buf, p); data/vile-9.8u/regexp.c:2879:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(dst, src); data/vile-9.8u/spawn.c:120:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. IGNORE_RC(system(result)); data/vile-9.8u/spawn.c:206:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(shell); data/vile-9.8u/spawn.c:345:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(save, bang); data/vile-9.8u/spawn.c:347:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(line, save); data/vile-9.8u/spawn.c:371:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(result, line + fix); data/vile-9.8u/spawn.c:448:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(line); data/vile-9.8u/spawn.c:527:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(line, oline); data/vile-9.8u/spawn.c:741:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(line, oline); data/vile-9.8u/spawn.c:819:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(line, oline); data/vile-9.8u/spawn.c:900:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(line, oline); data/vile-9.8u/spawn.c:904:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(tnam, bp->b_fname); /* save the original name */ data/vile-9.8u/spawn.c:917:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(line); data/vile-9.8u/spawn.c:928:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(temp, t); data/vile-9.8u/spawn.c:929:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(strcpy(t, " <fltinp"), temp); data/vile-9.8u/spawn.c:934:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(line); data/vile-9.8u/spawn.c:1215:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(base[idx++], buf); data/vile-9.8u/spawn.c:1238:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, get_shell()); data/vile-9.8u/spawn.c:1295:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*cmd + *cmdidx, token); data/vile-9.8u/spawn.c:1500:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/vile-9.8u/spawn.c:1656:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/vile-9.8u/spawn.c:1688:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/vile-9.8u/trace.c:47:12: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. extern int vfprintf(FILE *fp, const char *fmt, va_list v); data/vile-9.8u/trace.c:100:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(fp, fmt, ap); data/vile-9.8u/trace.c:178:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *s = strchr(mktrimmed(strcpy(temp, txt)), L_PAREN); data/vile-9.8u/trace.c:279:6: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(fp, fmt, ap); data/vile-9.8u/trace.c:283:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fp, T_RETURN "(close)\n"); data/vile-9.8u/trace.c:431:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(result + (indent_gap * (size_t) n), indent_fmt, marker); data/vile-9.8u/trace.c:434:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(result, indent_fmt, marker); data/vile-9.8u/trace.c:580:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, temp); data/vile-9.8u/trace.c:1109:56: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). #define TRACE_CTYPE(mask) if (table[n] & chrBIT(mask)) strcat(buffer, "|" #mask) data/vile-9.8u/trace.h:11:55: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define GCC_PRINTFLIKE(fmt,var) __attribute__((format(printf,fmt,var))) data/vile-9.8u/visvile/commands.cpp:282:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(logpath, "%s\\%s", workspace_cwd, file); data/vile-9.8u/visvile/commands.cpp:323:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s\\%s", workspace_cwd, file); data/vile-9.8u/visvile/commands.cpp:324:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, data/vile-9.8u/visvile/oleauto.cpp:96:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, data/vile-9.8u/visvile/oleauto.cpp:476:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, data/vile-9.8u/visvile/oleauto.cpp:489:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cd, ":cd %s\n", tmp); data/vile-9.8u/visvile/oleauto.cpp:491:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cmd, cd); data/vile-9.8u/visvile/oleauto.cpp:497:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cmd, line); data/vile-9.8u/visvile/oleauto.cpp:560:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(scratch + 1, cmd); data/vile-9.8u/vl_crypt.h:73:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. strncpy(dst, crypt(key, salt), (size_t) LEN_CRYPT); data/vile-9.8u/vl_regex.h:76:55: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define GCC_PRINTFLIKE(fmt,var) __attribute__((format(printf,fmt,var))) data/vile-9.8u/vms2unix.c:88:12: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). return mktemp(strmalloc(pathcat(temp, data/vile-9.8u/vms2unix.c:90:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcat(strcpy(leaf, tail), data/vile-9.8u/vms2unix.c:269:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(base, dst); data/vile-9.8u/vms2unix.c:326:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *s = strcpy(tmp, src); /* ... to permit src == dst */ data/vile-9.8u/vms2unix.c:342:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). len = strlen(strcpy(d, leading)); data/vile-9.8u/vms2unix.c:382:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). len = strlen(strcpy(d, home)); data/vile-9.8u/vms2unix.c:470:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(d, RootDir); data/vile-9.8u/vms2unix.c:480:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(d, s); data/vile-9.8u/vms2unix.c:567:27: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *s = skip_string(strcpy(buffer, src)); data/vile-9.8u/vms2unix.c:570:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(s, DirType); data/vile-9.8u/vms2unix.c:615:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *s = strcpy(tmp, src); /* ... to permit src == dst */ data/vile-9.8u/vmspipe.c:193:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(pre_command, input_file); data/vile-9.8u/vmsvt.c:547:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(screen_desc, data/vile-9.8u/vmsvt.c:675:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, res); data/vile-9.8u/w32cmd.c:81:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outputdir, inputdir); data/vile-9.8u/w32cmd.c:95:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outputdir, sl_to_bsl(outputdir)); data/vile-9.8u/w32cmd.c:261:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s\\%s", dir2, cp); data/vile-9.8u/w32cmd.c:387:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(scratch, fname); data/vile-9.8u/w32cmd.c:402:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filebuf, leaf); data/vile-9.8u/w32cmd.c:677:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, ERRPREFIX); data/vile-9.8u/w32cmd.c:683:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cp, spooler_errs[errcode]); data/vile-9.8u/w32cmd.c:1696:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg, data/vile-9.8u/w32cmd.c:1708:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg, data/vile-9.8u/w32cmd.c:1965:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s (selection)", curbp->b_bname); data/vile-9.8u/w32cmd.c:2126:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(value_name, RECENT_REGVALUE_FMT, n); data/vile-9.8u/w32cmd.c:2275:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(value_name, RECENT_REGVALUE_FMT, i); data/vile-9.8u/w32cmd.c:2586:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(value_name, RECENT_REGVALUE_FMT, 0); data/vile-9.8u/w32cmd.c:2626:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(value_name, RECENT_REGVALUE_FMT, i); data/vile-9.8u/w32misc.c:241:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(out_str, "%s %s %s", shell, shell_c, cmd); data/vile-9.8u/w32misc.c:262:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. cp += sprintf(cp, "%s %s ", shell, shell_c); data/vile-9.8u/w32misc.c:266:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, "'%s'", cmd); data/vile-9.8u/w32misc.c:394:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cmdstr, cmd + W32_START_STR_LEN); data/vile-9.8u/w32misc.c:491:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(shell, get_shell()); data/vile-9.8u/w32misc.c:570:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cmdstr, cmd + W32_START_STR_LEN); data/vile-9.8u/w32misc.c:1258:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(bslfn, 0) != 0) data/vile-9.8u/w32ole.cpp:91:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(fp, fmt, ap); data/vile-9.8u/w32ole.cpp:366:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "[%s, system msg: %s]", msg, lclbuf); data/vile-9.8u/w32ole.cpp:628:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "CLSID\\%s\\LocalServer32", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32ole.cpp:1273:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg, "VK_%s redir unsupported, redirection disabled", key); data/vile-9.8u/w32oo.cpp:43:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufferp, result); data/vile-9.8u/w32pipe.c:361:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, SHELL_ERR_MSG, get_shell()); data/vile-9.8u/w32pipe.c:572:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/vile-9.8u/w32pipe.c:604:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "[unable to open temp file \"%s\": %s]", data/vile-9.8u/w32pipe.c:619:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, SHELL_ERR_MSG, get_shell()); data/vile-9.8u/w32pipe.c:666:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "[unable to open temp file \"%s\": %s]", data/vile-9.8u/w32pipe.c:680:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, SHELL_ERR_MSG, get_shell()); data/vile-9.8u/w32reg.c:136:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(editor_path, asc_charstring(fullpath)); data/vile-9.8u/w32reg.c:151:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "%s.Application", name); data/vile-9.8u/w32reg.c:155:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s %s Application", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:173:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "%s.Application\\CURVER", name); data/vile-9.8u/w32reg.c:178:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s.Application.%s", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:187:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "%s.Application.%s", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:188:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s %s Application", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:210:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "CLSID\\%s", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:211:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s %s Application", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:222:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s.Application.%s", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:233:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "CLSID\\%s\\VersionIndependentProgID", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:234:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s.Application", name); data/vile-9.8u/w32reg.c:245:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "CLSID\\%s\\LocalServer32", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:246:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s -Oa", editor_path); data/vile-9.8u/w32reg.c:258:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value + strlen(value), data/vile-9.8u/w32reg.c:272:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "CLSID\\%s\\TypeLib", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:285:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "CLSID\\%s\\Programmable", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:295:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "TypeLib\\%s\\%s", LIBID_VILEAUTO_KEY, VTL_VERSTR); data/vile-9.8u/w32reg.c:296:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(value, "%s %s Type Library", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:310:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(value, editor_path); data/vile-9.8u/w32reg.c:323:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "Interface\\%s", IID_IVILEAUTO_KEY); data/vile-9.8u/w32reg.c:346:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(key, "Interface\\%s\\ProxyStubClsid32", IID_IVILEAUTO_KEY); data/vile-9.8u/w32reg.c:387:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keytop, "%s.Application", name); data/vile-9.8u/w32reg.c:388:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\CLSID", keytop); data/vile-9.8u/w32reg.c:393:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\CURVER", keytop); data/vile-9.8u/w32reg.c:399:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keytop, "%s.Application.%s", name, VTL_VERSTR); data/vile-9.8u/w32reg.c:400:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\CLSID", keytop); data/vile-9.8u/w32reg.c:406:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keytop, "CLSID\\%s", CLSID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:407:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\ProgID", keytop); data/vile-9.8u/w32reg.c:409:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\VersionIndependentProgID", keytop); data/vile-9.8u/w32reg.c:411:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\LocalServer32", keytop); data/vile-9.8u/w32reg.c:413:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\TypeLib", keytop); data/vile-9.8u/w32reg.c:415:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\Programmable", keytop); data/vile-9.8u/w32reg.c:421:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keytop, "TypeLib\\%s\\%s", LIBID_VILEAUTO_KEY, VTL_VERSTR); data/vile-9.8u/w32reg.c:422:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\9\\win32", keytop); data/vile-9.8u/w32reg.c:427:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\9", keytop); data/vile-9.8u/w32reg.c:430:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keytop, "TypeLib\\%s", LIBID_VILEAUTO_KEY); data/vile-9.8u/w32reg.c:435:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keytop, "Interface\\%s", IID_IVILEAUTO_KEY); data/vile-9.8u/w32reg.c:436:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\TypeLib", keytop); data/vile-9.8u/w32reg.c:441:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keysub, "%s\\ProxyStubClsid32", keytop); data/vile-9.8u/w32reg.c:452:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, prognam); data/vile-9.8u/w32reg.c:469:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "%s.exe", prognam); data/vile-9.8u/w32reg.c:472:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, sl_to_bsl(s)); data/vile-9.8u/w32reg.c:484:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s\\%s", sl_to_bsl(temp), name); data/vile-9.8u/w32reg.c:516:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf(status, data/vile-9.8u/w32reg.c:523:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(status + len, data/vile-9.8u/wvwrap.cpp:47:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(fp, fmt, ap); data/vile-9.8u/wvwrap.cpp:177:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*buf, tmp); data/vile-9.8u/wvwrap.cpp:279:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buffer, value); data/vile-9.8u/wvwrap.cpp:323:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, data/vile-9.8u/wvwrap.cpp:337:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, data/vile-9.8u/wvwrap.cpp:349:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, data/vile-9.8u/wvwrap.cpp:424:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp, ":eval cd '%s%s'\n", data/vile-9.8u/wvwrap.cpp:437:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp, ":eval e '%s'\n", escape_quotes(argv[argc1++])); data/vile-9.8u/x11.c:1726:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "%s%s%s", prefix, filename, suffix); data/vile-9.8u/x11.c:3450:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "missing number", s, i); data/vile-9.8u/x11.c:3462:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "too many numbers", data/vile-9.8u/x11.c:3480:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "bad value number", data/vile-9.8u/x11.c:3483:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "bad range", s, i); data/vile-9.8u/x11.c:3491:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "bad character", s, i); data/vile-9.8u/x11.c:3507:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "bad value number", s, i); data/vile-9.8u/x11.c:3509:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void) fprintf(stderr, errfmt, "bad range", s, i); data/vile-9.8u/x11menu.c:66:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "%sMenu", nom); data/vile-9.8u/x11menu.c:101:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "%sMenu", nom); data/vile-9.8u/x11menu.c:306:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "%-*.*s %s", NBUFN - 1, NBUFN - 1, data/vile-9.8u/xtermkeys.h:167:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(target, "%.*s;%d%s", data/vile-9.8u/xtermkeys.h:174:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(target, "%.*s1;%d%s", data/vile-9.8u/xtermkeys.h:230:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(target, source); data/vile-9.8u/bind.c:1775:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define PATH_value() getenv("PATH") data/vile-9.8u/btree.c:865:6: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned) time(NULL)); data/vile-9.8u/curses.c:212:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tgetent(tc_rawdata, getenv("TERM"))) != 1) { data/vile-9.8u/curses.c:213:49: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. fprintf(stderr, "Unknown terminal type %s!\n", getenv("TERM")); data/vile-9.8u/curses.c:221:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *t = getenv("TERM"); data/vile-9.8u/curses.c:286:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. term.set_title(getenv("TERM")); data/vile-9.8u/estruct.h:947:9: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377). #define tempnam vile_tempnam data/vile-9.8u/file.c:379:6: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(temp2, temp)) { data/vile-9.8u/file.c:2800:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((np = getenv("TMPDIR")) != 0 && data/vile-9.8u/file.c:2930:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ((np = getenv("LOGNAME")) != 0 || data/vile-9.8u/file.c:2931:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (np = getenv("USER")) != 0)) { data/vile-9.8u/filters/filterio.c:230:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((result = getenv("SYS$LOGIN")) == 0) data/vile-9.8u/filters/filterio.c:231:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. result = getenv("HOME"); data/vile-9.8u/filters/filterio.c:233:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. result = getenv("HOME"); data/vile-9.8u/filters/filterio.c:237:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *drive = getenv("HOMEDRIVE"); data/vile-9.8u/filters/filterio.c:283:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *result = getenv(name); data/vile-9.8u/filters/manfilt.c:999:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (((env = getenv("LC_ALL")) != 0 && *env != 0) || data/vile-9.8u/filters/manfilt.c:1000:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ((env = getenv("LC_CTYPE")) != 0 && *env != 0) || data/vile-9.8u/filters/manfilt.c:1001:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ((env = getenv("LANG")) != 0 && *env != 0)) { data/vile-9.8u/glob.c:753:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((s = getenv(pattern + left)) == 0) data/vile-9.8u/lckfiles.c:59:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. np = getenv("LOGNAME"); data/vile-9.8u/lckfiles.c:61:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. np = getenv("USER"); data/vile-9.8u/main.c:2891:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *result = getenv(name); data/vile-9.8u/main.c:2929:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *result = getenv(name); data/vile-9.8u/map.c:693:17: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377). tfilenam = tempnam("/tmp/vilekeylogs", "vilek"); data/vile-9.8u/npopen.c:31:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define user_SHELL() getenv("SHELL") data/vile-9.8u/npopen.c:324:17: [3] (tmpfile) tmpnam: Temporary file race condition (CWE-377). myName[n] = tmpnam((char *) 0); data/vile-9.8u/npopen.c:326:17: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377). myName[n] = tempnam(TMPDIR, type); data/vile-9.8u/ntconio.c:526:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. conemu = getenv("ConEmuPID") != NULL; data/vile-9.8u/os2pipe.c:65:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((shell = getenv("COMSPEC")) != NULL) { data/vile-9.8u/path.c:469:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((result = getenv("SYS$LOGIN")) == 0) data/vile-9.8u/path.c:470:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. result = getenv("HOME"); data/vile-9.8u/path.c:472:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. result = getenv("HOME"); data/vile-9.8u/path.c:475:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((result = getenv("USERPROFILE")) == 0 && data/vile-9.8u/path.c:476:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. (result = getenv("HOMESHARE")) == 0) { data/vile-9.8u/path.c:478:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((result = getenv("HOMEPATH")) != 0) { data/vile-9.8u/path.c:480:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *drive = getenv("HOMEDRIVE"); data/vile-9.8u/path.c:1151:19: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. char *real = realpath(s, temp); data/vile-9.8u/path.c:1162:7: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(temp, temp3) != 0) { data/vile-9.8u/path.c:1552:6: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (realpath(path, temp)) { data/vile-9.8u/path.c:2276:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. && (tmp = getenv("PATH")) != 0 data/vile-9.8u/proto.h:462:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define get_cdpath() getenv("CDPATH") data/vile-9.8u/proto.h:463:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define get_findpath() getenv("VILE_FINDPATH") data/vile-9.8u/proto.h:464:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define get_shell() getenv("SHELL") data/vile-9.8u/proto.h:529:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define gtenv(name) getenv(name) data/vile-9.8u/proto.h:1770:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char * getenv (const char *name); data/vile-9.8u/proto.h:1788:15: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. extern char * getwd (char *buffer); data/vile-9.8u/random.c:1065:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. s = ((did_chdir != 0 || getenv("VILE_PWD") == 0) data/vile-9.8u/random.c:1067:5: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. : getenv("PWD")); data/vile-9.8u/random.c:1068:11: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. cwd = realpath(s ? s : ".", current_dirname); data/vile-9.8u/random.c:1074:11: [3] (buffer) getwd: This does not protect against buffer overflows by itself, so use with caution (CWE-120, CWE-20). Use getcwd instead. cwd = getwd(current_dirname); data/vile-9.8u/statevar.c:282:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *v = getenv(s); data/vile-9.8u/statevar.c:1548:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((UINT) vl_seed); data/vile-9.8u/tcap.c:231:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tv_stype = getenv("TERM")) == NULL) { data/vile-9.8u/tcap.c:416:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. term.set_title(getenv("TERM")); data/vile-9.8u/termio.c:1203:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. e = getenv("COLUMNS"); data/vile-9.8u/termio.c:1208:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. e = getenv("LINES"); data/vile-9.8u/termio.c:1213:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. e = getenv("COLUMNS"); data/vile-9.8u/termio.c:1216:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. e = getenv("LINES"); data/vile-9.8u/vms2unix.c:83:1: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377). tempnam(const char *head, const char *tail) data/vile-9.8u/vms2unix.c:266:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((*base) && (dst = getenv(base)) != 0) { data/vile-9.8u/vms2unix.c:373:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *home = getenv("SYS$LOGIN"); data/vile-9.8u/vms2unix.c:376:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home = unix2vms_path(tmp2, getenv("HOME")); data/vile-9.8u/w32misc.c:320:6: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/vile-9.8u/w32misc.c:320:6: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/vile-9.8u/w32misc.c:632:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/vile-9.8u/w32misc.c:632:9: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/vile-9.8u/w32pipe.c:221:6: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/vile-9.8u/w32pipe.c:221:6: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (CreateProcess(NULL, data/vile-9.8u/w32pipe.c:321:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmpin_name = _tempnam(getenv("TEMP"), "vile")) == NULL) data/vile-9.8u/w32pipe.c:472:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((stdin_name = _tempnam(getenv("TEMP"), "vile")) == NULL) data/vile-9.8u/w32pipe.c:491:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmpin_name = _tempnam(getenv("TEMP"), "vile")) == NULL) data/vile-9.8u/w32pipe.c:515:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((stdout_name = _tempnam(getenv("TEMP"), "vile")) == NULL) data/vile-9.8u/ansi.c:359:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(screen_desc, "NORMAL"); data/vile-9.8u/api.c:105:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lvalue(DOT.l) + DOT.o - i + 1, s + 1, (size_t) (i - 1)); data/vile-9.8u/api.c:380:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char empty[1]; data/vile-9.8u/api.c:622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufname[NBUFN]; data/vile-9.8u/api.c:624:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufname, "[unnamed-%d]", ++unnamed_cnt); data/vile-9.8u/basic.c:1554:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[2]; data/vile-9.8u/basic.c:1599:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[2]; data/vile-9.8u/bind.c:382:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NLINE]; data/vile-9.8u/bind.c:501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outseq[NLINE]; /* output buffer for keystroke sequence */ data/vile-9.8u/bind.c:606:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outseq[NLINE]; /* output buffer for keystroke sequence */ data/vile-9.8u/bind.c:738:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[NLINE]; data/vile-9.8u/bind.c:925:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char substring[NSTRING]; data/vile-9.8u/bind.c:934:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char described_cmd[NLINE + 1]; /* string to match cmd names to */ data/vile-9.8u/bind.c:1032:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/bind.c:1054:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outseq[NSTRING]; /* output buffer for command sequence */ data/vile-9.8u/bind.c:1128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NLINE]; data/vile-9.8u/bind.c:1183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NLINE]; data/vile-9.8u/bind.c:1239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outseq[NLINE]; /* output buffer for text */ data/vile-9.8u/bind.c:1437:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outseq[NSTRING]; /* output buffer for command sequence */ data/vile-9.8u/bind.c:1492:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outseq[NLINE]; /* output buffer for keystroke sequence */ data/vile-9.8u/bind.c:1502:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(outseq, " or\t"); data/vile-9.8u/bind.c:1717:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fullpath[NFILEN]; /* expanded path */ data/vile-9.8u/bind.c:1731:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_name[NFILEN]; data/vile-9.8u/bind.c:1756:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mypath[NFILEN]; data/vile-9.8u/bind.c:1914:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[NFILEN]; /* expanded path */ data/vile-9.8u/bind.c:1925:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_name[NFILEN]; data/vile-9.8u/bind.c:2003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/bind.c:2015:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/bind.c:2066:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/vile-9.8u/bind.c:2171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/bind.c:2252:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char seq[40]; data/vile-9.8u/bind.c:2475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/bind.c:2839:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[NLINE]; data/vile-9.8u/bind.c:3309:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NLINE]; data/vile-9.8u/bind.c:3492:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NBUFN]; data/vile-9.8u/bind.c:3573:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char outseq[NLINE]; data/vile-9.8u/borland.c:62:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char linebuf[128]; data/vile-9.8u/borland.c:509:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80X21"); data/vile-9.8u/borland.c:516:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80"); data/vile-9.8u/borland.c:522:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80X28"); data/vile-9.8u/borland.c:528:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80X43"); data/vile-9.8u/borland.c:534:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80X50"); data/vile-9.8u/borland.c:540:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80X60"); data/vile-9.8u/borland.c:575:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "C80"); data/vile-9.8u/borland.c:586:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(screen_desc, "C80X%d", rows); data/vile-9.8u/btree.c:807:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/vile-9.8u/btree.c:868:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", vector[n]); data/vile-9.8u/btree.c:879:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", vector[n]); data/vile-9.8u/btree.c:909:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(argv[n], "r"); data/vile-9.8u/buffer.c:168:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfname[NFILEN]; data/vile-9.8u/buffer.c:437:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[(HIST_SHOW + 1) * (NBUFN + 10)]; data/vile-9.8u/buffer.c:653:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfname[NFILEN]; data/vile-9.8u/buffer.c:901:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; data/vile-9.8u/buffer.c:917:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; data/vile-9.8u/buffer.c:933:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; data/vile-9.8u/buffer.c:948:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; data/vile-9.8u/buffer.c:965:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; data/vile-9.8u/buffer.c:1578:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NFILEN]; data/vile-9.8u/buffer.c:1678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NFILEN]; data/vile-9.8u/buffer.c:1679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[NSTRING]; data/vile-9.8u/buffer.c:1710:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char this_command[NSTRING]; data/vile-9.8u/buffer.c:1757:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NFILEN]; data/vile-9.8u/buffer.c:1960:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; /* buffer to hold buffer name */ data/vile-9.8u/buffer.c:1978:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char procname[NBUFN]; data/vile-9.8u/buffer.c:1998:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bufn[NBUFN]; /* buffer to hold buffer name */ data/vile-9.8u/buffer.c:2035:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; data/vile-9.8u/buffer.c:2219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/buffer.c:2267:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufnum[NSTRING]; data/vile-9.8u/buffer.c:2270:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufnum, "%3d", nbuf++); data/vile-9.8u/buffer.c:2303:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(lvalue(curlp) + 6, temp, strlen(temp)); data/vile-9.8u/buffer.c:2456:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(lvalue(lp), text, (size_t) ntext); data/vile-9.8u/buffer.c:2730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[NBUFN]; data/vile-9.8u/buffer.c:2772:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ques[30 + NBUFN]; data/vile-9.8u/buffer.c:3036:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NFILEN]; data/vile-9.8u/builtflt.c:165:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((FltOptions('t') = atoi(value)) <= 0) data/vile-9.8u/builtflt.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defining[NSTRING]; data/vile-9.8u/builtflt.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[NFILEN]; data/vile-9.8u/builtflt.c:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leafname[NSTRING]; data/vile-9.8u/builtflt.c:588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bfr1[NSTRING]; data/vile-9.8u/builtflt.c:612:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bfr1, "%c%d", CTL_A, length); data/vile-9.8u/charsets.c:640:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + dst, buffer + src, marklen); data/vile-9.8u/csrch.c:102:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[2]; data/vile-9.8u/curses.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tc_parsed[TCAPSLEN]; data/vile-9.8u/curses.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tc_rawdata[4096]; data/vile-9.8u/dirstuff.h:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[NAM$C_MAXRSS + 1]; /* result: SYS$SEARCH */ data/vile-9.8u/dirstuff.h:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dd_esa[NAM$C_MAXRSS + 1]; /* result: SYS$PARSE */ data/vile-9.8u/dirstuff.h:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[NFILEN]; data/vile-9.8u/dirstuff.h:132:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define opendir(n) fopen(n,"r") data/vile-9.8u/display.c:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/display.c:785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/display.c:865:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "\\u%04X", value & ((1 << MaxCBits) - 1)); data/vile-9.8u/display.c:882:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "\\?%02X", CharOf(*src)); data/vile-9.8u/display.c:981:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NU_WIDTH + 2]; data/vile-9.8u/display.c:1734:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char my_overlay[20]; data/vile-9.8u/display.c:3407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char left_ms[MAX_FORMAT]; data/vile-9.8u/display.c:3408:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char right_ms[MAX_FORMAT]; data/vile-9.8u/display.c:3409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_FORMAT / 2]; data/vile-9.8u/display.c:3595:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%02X", char_at_mark(wp->w_dot)); data/vile-9.8u/display.c:3659:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[NSTRING]; data/vile-9.8u/display.c:3763:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lchar_pad[4]; data/vile-9.8u/display.c:3765:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_FORMAT / 2]; data/vile-9.8u/display.c:3767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lchar[2]; data/vile-9.8u/display.c:3769:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char left_ms[MAX_FORMAT]; data/vile-9.8u/display.c:3771:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char right_ms[MAX_FORMAT]; data/vile-9.8u/display.c:4638:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/display.c:5086:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[20]; data/vile-9.8u/display.c:5092:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/vile-9.8u/display.c:5187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[2]; data/vile-9.8u/djhandl.c:77:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char handler[16] = data/vile-9.8u/djhandl.c:118:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(Tempbuf, "Handler at segment %x", new_handler_info.rm_segment); data/vile-9.8u/djhandl.c:150:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(Tempbuf, "Critical error code is %d", error_code); data/vile-9.8u/edef.h:96:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. decl_uninit( char vl_uppercase[N_chars + 1] ); data/vile-9.8u/edef.h:97:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. decl_uninit( char vl_lowercase[N_chars + 1] ); data/vile-9.8u/edef.h:150:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. decl_uninit( char screen_desc[NBUFN] ); /* rough description of screen */ data/vile-9.8u/eightbit.c:143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[80]; data/vile-9.8u/eightbit.c:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input[80]; data/vile-9.8u/eightbit.c:404:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/eightbit.c:564:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cp_value[80]; data/vile-9.8u/eightbit.c:743:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char input[80]; data/vile-9.8u/encrypt.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char schluessel[16][KS]; data/vile-9.8u/encrypt.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char E[KS]; data/vile-9.8u/encrypt.c:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[KS]; data/vile-9.8u/encrypt.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char (*schl)[KS] = decr ? schluessel + 15 : schluessel; data/vile-9.8u/encrypt.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[BS]; data/vile-9.8u/encrypt.c:226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp1[IS]; data/vile-9.8u/encrypt.c:232:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(E, E0, KS); data/vile-9.8u/encrypt.c:253:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char retkey[14]; data/vile-9.8u/encrypt.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[BS + 2]; data/vile-9.8u/estruct.h:1634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proc[NBUFN]; data/vile-9.8u/estruct.h:1937:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy((void *)tmpp, (void *)ptr, tmpold * sizeof(type)); \ data/vile-9.8u/estruct.h:2219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_bname[NBUFN]; /* Buffer name */ data/vile-9.8u/estruct.h:2228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_cryptkey[NKEYLEN]; /* encryption key */ data/vile-9.8u/estruct.h:2612:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void (*open) (void); /* Open terminal at the start. */ data/vile-9.8u/estruct.h:3148:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # undef memcpy data/vile-9.8u/eval.c:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/eval.c:244:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const char *) fsm_charclass_choices, data/vile-9.8u/eval.c:294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[2]; data/vile-9.8u/eval.c:587:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. list[s].u_name = (char *) Names[s]; data/vile-9.8u/eval.c:648:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/eval.c:732:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/eval.c:774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char downcased[NSTRING]; data/vile-9.8u/eval.c:924:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/eval.c:1069:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/eval.c:1266:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *arg[MAXARGS]; /* function arguments */ data/vile-9.8u/eval.c:1925:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[NLINE]; data/vile-9.8u/eval.c:1926:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[NLINE]; data/vile-9.8u/eval.c:2031:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[NLINE]; data/vile-9.8u/eval.c:2676:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/eval.c:2677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[NBUFN]; data/vile-9.8u/eval.c:2806:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NBUFN]; data/vile-9.8u/eval.c:3192:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[12]; data/vile-9.8u/eval.c:3220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[8]; data/vile-9.8u/eval.c:3236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[8]; data/vile-9.8u/exec.c:562:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cspec[NLINE]; /* text of command spec */ data/vile-9.8u/exec.c:1621:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NSTRING]; data/vile-9.8u/exec.c:1622:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[NSTRING]; data/vile-9.8u/exec.c:1663:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[NBUFN]; /* name of buffer to use */ data/vile-9.8u/exec.c:1855:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[NBUFN]; data/vile-9.8u/exec.c:1859:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[NBUFN]; /* name of buffer to execute */ data/vile-9.8u/exec.c:1886:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bufn[NBUFN]; /* name of buffer to execute */ data/vile-9.8u/exec.c:2626:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(cmdp, lvalue(lp), linlen); data/vile-9.8u/exec.c:2986:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; /* name of file to execute */ data/vile-9.8u/exec.c:3098:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufname[NBUFN]; data/vile-9.8u/file.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[NLINE]; data/vile-9.8u/file.c:286:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); /* (re)open */ data/vile-9.8u/file.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/file.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2[NFILEN]; data/vile-9.8u/file.c:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/file.c:526:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[NBUFN]; data/vile-9.8u/file.c:588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/file.c:710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/file.c:759:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; /* file user wishes to find */ data/vile-9.8u/file.c:781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN], *short_f; data/vile-9.8u/file.c:820:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *aname, tmp[NFILEN], strlines[128], strchars[128]; data/vile-9.8u/file.c:828:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(strlines, "%d", nline); data/vile-9.8u/file.c:829:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(strchars, "%lu", nchar); data/vile-9.8u/file.c:886:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/file.c:973:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/file.c:1003:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[NBUFN]; /* buffer name to put file */ data/vile-9.8u/file.c:1004:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfname[NFILEN]; /* canonical form of 'fname' */ data/vile-9.8u/file.c:1288:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locker[100]; data/vile-9.8u/file.c:1648:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NFILEN]; data/vile-9.8u/file.c:1979:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/file.c:2045:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[NBUFN * 2]; data/vile-9.8u/file.c:2046:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffixbuf[NBUFN]; data/vile-9.8u/file.c:2093:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/file.c:2407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN], *fn; data/vile-9.8u/file.c:2510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/file.c:2624:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/file.c:2851:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dirnam[NSTRING] = ""; data/vile-9.8u/file.c:2853:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filnam[NFILEN]; data/vile-9.8u/file.c:2857:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[(NFILEN * 2) + 250]; data/vile-9.8u/file.c:2860:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/file.c:2861:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_buffer[NSTRING]; data/vile-9.8u/file.c:2943:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[128]; data/vile-9.8u/file.c:2945:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(hostname, "unknown"); data/vile-9.8u/filec.c:236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/filec.c:315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/filec.c:398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leaf[NFILEN]; data/vile-9.8u/filec.c:399:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char head[NFILEN]; data/vile-9.8u/filec.c:417:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leaf[NFILEN]; data/vile-9.8u/filec.c:418:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char head[NFILEN]; data/vile-9.8u/filec.c:439:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leaf[NFILEN]; data/vile-9.8u/filec.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char head[NFILEN]; data/vile-9.8u/filec.c:563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/filec.c:571:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(path, "*.*"); data/vile-9.8u/filec.c:691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[NFILEN + 2]; data/vile-9.8u/filec.c:692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN + 2]; data/vile-9.8u/filec.c:945:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[NFILEN]; data/vile-9.8u/filec.c:963:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frac[NFILEN]; data/vile-9.8u/filec.c:1186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Reply[NFILEN]; data/vile-9.8u/filec.c:1277:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80]; data/vile-9.8u/filec.c:1314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Reply[NFILEN]; data/vile-9.8u/fileio.c:57:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ifp = fopen(SL_TO_BSL(src), FOPEN_READ)) != 0) { data/vile-9.8u/fileio.c:58:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ofp = fopen(SL_TO_BSL(dst), FOPEN_WRITE)) != 0) { data/vile-9.8u/fileio.c:184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[NFILEN]; data/vile-9.8u/fileio.c:197:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(t, ".bak"); data/vile-9.8u/fileio.c:242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[NFILEN]; data/vile-9.8u/fileio.c:343:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). } else if ((ffp = fopen(SL_TO_BSL(fn), FOPEN_READ)) == NULL) { data/vile-9.8u/fileio.c:381:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ffd = open(SL_TO_BSL(fn), O_WRONLY | O_CREAT, 0600)) < 0) { data/vile-9.8u/fileio.c:423:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ffp = fopen(SL_TO_BSL(fn), mode)) == NULL) { data/vile-9.8u/fileio.c:431:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/fileio.c:443:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ffp = fopen(fn, FOPEN_WRITE)) == NULL) { data/vile-9.8u/fileio.c:499:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(SL_TO_BSL(fn), O_WRONLY | O_APPEND)) < 0) { data/vile-9.8u/fileio.c:691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/fileio.c:694:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ffp = fopen(temp, FOPEN_READ); data/vile-9.8u/fileio.c:866:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fflinebuf, lvalue(ffcursor), i); data/vile-9.8u/filters/atr2html.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8]; data/vile-9.8u/filters/atr2html.c:112:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "^%c", ch + '@'); data/vile-9.8u/filters/ecrypt.c:222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/vile-9.8u/filters/ecrypt.c:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char real_key[KEY_LIMIT]; data/vile-9.8u/filters/ecrypt.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_key[KEY_LIMIT]; data/vile-9.8u/filters/ecrypt.c:334:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(name, "r"); data/vile-9.8u/filters/ecrypt.c:344:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char empty[1]; data/vile-9.8u/filters/ecrypt.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[KEY_LIMIT]; data/vile-9.8u/filters/ecrypt.c:347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[256]; data/vile-9.8u/filters/filterio.c:30:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char empty[1]; data/vile-9.8u/filters/filterio.c:73:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((FltOptions('t') = atoi(value)) <= 0) data/vile-9.8u/filters/filterio.c:236:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char desktop[256]; data/vile-9.8u/filters/filterio.c:292:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/vile-9.8u/filters/filterio.c:486:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((my_in = fopen(name, "r")) != 0) { data/vile-9.8u/filters/filterio.c:495:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((my_in = fopen(name, "r")) != 0) { data/vile-9.8u/filters/filters.c:396:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define OPEN_IT(p) if ((fp = fopen(p, "r")) != 0) { \ data/vile-9.8u/filters/filters.c:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char myLeaf[20]; data/vile-9.8u/filters/genmake.c:23:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. parse(char *buffer, const char *list[MAXFIELD]) data/vile-9.8u/filters/genmake.c:23:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. parse(char *buffer, const char *list[MAXFIELD]) data/vile-9.8u/filters/genmake.c:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input[BUFSIZ]; data/vile-9.8u/filters/genmake.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[BUFSIZ]; data/vile-9.8u/filters/genmake.c:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *list[MAXFIELD]; data/vile-9.8u/filters/genmake.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *data[BUFSIZ]; data/vile-9.8u/filters/genmake.c:124:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (*++s == 0 || (fp = fopen(s, "a")) == 0) { data/vile-9.8u/filters/genmake.c:177:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(redir, "a"); data/vile-9.8u/filters/manfilt.c:264:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char target[10]; data/vile-9.8u/filters/manfilt.c:1022:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[n], "r"); data/vile-9.8u/filters/pl-filt.c:1403:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(the_file + the_size, line, len + 1); data/vile-9.8u/filters/pl6filt.c:1403:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(the_file + the_size, line, len + 1); data/vile-9.8u/filters/rubyfilt.c:1479:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(the_file + the_size, line, len + 1); data/vile-9.8u/finderr.c:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char febuff[NBUFN]; /* name of buffer to find errors in */ data/vile-9.8u/finderr.c:401:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *) (exp_table[exp_count].exp_comp)); data/vile-9.8u/finderr.c:613:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *dir_stack[DIRLEVELS + 1]; data/vile-9.8u/finderr.c:667:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ferrfile[NFILEN]; data/vile-9.8u/finderr.c:907:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NFILEN + 1]; data/vile-9.8u/finderr.c:931:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/finderr.c:962:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "\\%d", exp_table[j].words[k]); data/vile-9.8u/glob.c:541:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(path, "/*.*"); data/vile-9.8u/glob.c:543:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(path, "*.*"); data/vile-9.8u/glob.c:622:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NFILEN]; data/vile-9.8u/glob.c:658:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old[NFILEN + 1]; data/vile-9.8u/glob.c:710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save[NFILEN]; data/vile-9.8u/glob.c:793:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char actual[NFILEN]; data/vile-9.8u/glob.c:816:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/glob.c:857:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char builtup[NFILEN]; data/vile-9.8u/glob.c:858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pattern[NFILEN]; data/vile-9.8u/glob.c:888:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[FILENAME_MAX + 1]; data/vile-9.8u/glob.c:889:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[FILENAME_MAX + 1]; data/vile-9.8u/glob.c:947:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/glob.c:968:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *vec[2]; data/vile-9.8u/globals.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[NLINE]; data/vile-9.8u/gnreight.h:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char lower[128]; data/vile-9.8u/gnreight.h:49:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char upper[128]; data/vile-9.8u/gnreight.h:50:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ctype[128]; data/vile-9.8u/gppconio.c:578:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; /* this is buggy, because buffer might be too small. */ data/vile-9.8u/input.c:281:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[80]; data/vile-9.8u/input.c:282:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expect[80]; data/vile-9.8u/input.c:288:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(expect, " register"); data/vile-9.8u/input.c:290:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(expect, " or"); data/vile-9.8u/input.c:292:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(expect, " line-count"); data/vile-9.8u/input.c:593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/input.c:1257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[NFILEN]; data/vile-9.8u/input.c:1528:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(extbuf, tb_values(temp), bufn); data/vile-9.8u/input.c:2547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/insert.c:413:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[NLINE]; data/vile-9.8u/insert.c:1025:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tstring[NPAT + 1]; /* string to add */ data/vile-9.8u/insert.c:1086:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tnumber[NPAT + 1]; /* number to add */ data/vile-9.8u/lckfiles.c:42:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(lockfile, FOPEN_READ)) != (FILE *) 0) { data/vile-9.8u/lckfiles.c:45:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(who, "'Can't read .lck'"); data/vile-9.8u/lckfiles.c:51:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(who, "'Can't open .lck'"); data/vile-9.8u/lckfiles.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockfile[NFILEN]; data/vile-9.8u/lckfiles.c:81:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(lockfile, FOPEN_WRITE)) != (FILE *) 0) { data/vile-9.8u/lckfiles.c:86:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(who, "'Can't write .lck'"); data/vile-9.8u/lckfiles.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockfile[NFILEN]; data/vile-9.8u/lckfiles.c:98:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char who[100]; data/vile-9.8u/line.c:449:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&ntext[0], &lvalue(lp1)[0], (size_t) doto); data/vile-9.8u/line.c:458:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&ntext[doto + n], data/vile-9.8u/line.c:1053:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(&ntext[0], &lvalue(lp1)[0], (size_t) len); data/vile-9.8u/line.c:1059:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(lvalue(lp1) + len, lvalue(lp2), (size_t) add); data/vile-9.8u/line.c:1136:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *) (kbs[n].kbufp)); data/vile-9.8u/line.c:1325:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[2]; data/vile-9.8u/line.c:1758:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[2]; data/vile-9.8u/line.c:1829:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char respbuf[NFILEN]; data/vile-9.8u/line.c:1980:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[2]; data/vile-9.8u/main.c:368:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startkey[NKEYLEN]; /* initial encryption key */ data/vile-9.8u/main.c:828:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("tt:", O_RDONLY, S_IREAD); /* or sys$command */ data/vile-9.8u/main.c:1237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/main.c:1280:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/vile-9.8u/main.c:1890:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/main.c:1894:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%.*s_MENU", (int) (sizeof(temp) - 6), prognam); data/vile-9.8u/main.c:2749:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char membuf[20]; data/vile-9.8u/main.c:2899:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/vile-9.8u/main.c:2987:8: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. pid = vfork(); /* VAX C and DEC C have a 'vfork()' */ data/vile-9.8u/main.c:3032:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/main.c:3036:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). && ((fp = fopen(temp, "w")) != 0)) { data/vile-9.8u/map.c:130:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char esc_seq[NSTRING]; data/vile-9.8u/map.c:696:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). keyfd = open(tfilenam, O_CREAT | O_WRONLY, 0600); data/vile-9.8u/map.c:713:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy((kp->d_chunk), data/vile-9.8u/menu.c:20:14: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define fork vfork data/vile-9.8u/menu.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[NSTRING]; data/vile-9.8u/menu.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char action[NSTRING]; data/vile-9.8u/menu.c:43:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[30]; data/vile-9.8u/menu.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[NFILEN]; data/vile-9.8u/menu.c:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(MenuToken) + NLINE]; data/vile-9.8u/menu.c:268:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, source, slen); data/vile-9.8u/menu.c:319:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = (int) atoi(ptr_tok); data/vile-9.8u/menu.c:387:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[80]; data/vile-9.8u/menu.c:388:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label, "Menu%d", count); data/vile-9.8u/menu.c:430:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(macro_text, "execute-macro-%d", token->macro); data/vile-9.8u/menu.c:637:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[NLINE]; data/vile-9.8u/mktbls.c:206:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *bindings[LEN_CHRSET]; data/vile-9.8u/mktbls.c:207:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *conditions[LEN_CHRSET]; data/vile-9.8u/mktbls.c:209:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *tblname[MAX_BIND] = data/vile-9.8u/mktbls.c:217:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *prefname[MAX_BIND] = data/vile-9.8u/mktbls.c:327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:396:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(name, "w")) == 0) { data/vile-9.8u/mktbls.c:473:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cond[MAX_BUFFER]; data/vile-9.8u/mktbls.c:537:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_BUFFER]; data/vile-9.8u/mktbls.c:850:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(strcat(strcpy(base + 2, "no"), temp + 2), "+2"); data/vile-9.8u/mktbls.c:850:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcat(strcat(strcpy(base + 2, "no"), temp + 2), "+2"); data/vile-9.8u/mktbls.c:859:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, temp[MAX_BUFFER], line[MAX_BUFFER], *vec[MAX_PARSE]; data/vile-9.8u/mktbls.c:895:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER], line[MAX_BUFFER], *vec[MAX_PARSE]; data/vile-9.8u/mktbls.c:923:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER], line[MAX_BUFFER]; data/vile-9.8u/mktbls.c:924:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *vec[MAX_PARSE], *s; data/vile-9.8u/mktbls.c:966:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_normal[LEN_BUFFER], t_abbrev[LEN_BUFFER]; data/vile-9.8u/mktbls.c:967:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. my_strncat(strcpy(t_normal, "no"), normal, sizeof(t_normal)); data/vile-9.8u/mktbls.c:969:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. my_strncat(strcpy(t_abbrev, "no"), abbrev, sizeof(t_abbrev)); data/vile-9.8u/mktbls.c:1009:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER], *s; data/vile-9.8u/mktbls.c:1099:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:1173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char norm[LEN_BUFFER], abbr[LEN_BUFFER], type[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char normal[LEN_BUFFER], abbrev[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_name[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1250:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char part_name[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_name[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1303:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t_normal[LEN_BUFFER], t_abbrev[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1304:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. my_strncat(strcpy(t_normal, "no"), normal, sizeof(t_normal)); data/vile-9.8u/mktbls.c:1306:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. my_strncat(strcpy(t_abbrev, "no"), abbrev, sizeof(t_abbrev)); data/vile-9.8u/mktbls.c:1359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char norm[LEN_BUFFER], type[LEN_BUFFER], abbr[LEN_BUFFER], temp[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1629:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[LEN_BUFFER], norm[LEN_BUFFER], type[LEN_BUFFER]; data/vile-9.8u/mktbls.c:1724:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:1810:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:1871:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. s = append(strcpy(temp, "extern const CMDFUNC f_"), func); data/vile-9.8u/mktbls.c:1953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:2078:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:2205:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. defp += sprintf(defp, "|'%c'", *cp++); data/vile-9.8u/mktbls.c:2272:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[20]; data/vile-9.8u/mktbls.c:2287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *vec[MAX_PARSE]; data/vile-9.8u/mktbls.c:2288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAX_BUFFER]; data/vile-9.8u/mktbls.c:2289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char func[LEN_BUFFER]; data/vile-9.8u/mktbls.c:2290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[LEN_BUFFER]; data/vile-9.8u/mktbls.c:2291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char funchelp[MAX_BUFFER]; data/vile-9.8u/mktbls.c:2292:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_fcond[LEN_BUFFER]; data/vile-9.8u/mktbls.c:2293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fcond[LEN_BUFFER]; data/vile-9.8u/mktbls.c:2294:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modetype[LEN_BUFFER]; data/vile-9.8u/mktbls.c:2308:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((cmdtbl = fopen(inputfile = argv[1], "r")) == NULL) { data/vile-9.8u/modes.c:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:122:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, name, len); data/vile-9.8u/modes.c:162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:1129:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const char *) (fsm_tbl[fsm_idx].lists->choices), data/vile-9.8u/modes.c:1166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[NLINE]; data/vile-9.8u/modes.c:1167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char respbuf[NFILEN]; data/vile-9.8u/modes.c:1634:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:1696:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char respbuf[NSTRING]; data/vile-9.8u/modes.c:2218:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[NSTRING]; data/vile-9.8u/modes.c:2219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[NSTRING]; data/vile-9.8u/modes.c:2234:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(prompt, "Color+attributes(%.*s) ", data/vile-9.8u/modes.c:2337:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[80]; data/vile-9.8u/modes.c:3407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:3977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:4073:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TYPECAST(char *, my_mode_list), all_modes, (j + 1) * data/vile-9.8u/modes.c:4241:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "Buffer"); data/vile-9.8u/modes.c:4279:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char longname[NSTRING]; data/vile-9.8u/modes.c:4280:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:4392:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(my_majormodes[j].subq, q_valnames, sizeof(q_valnames)); data/vile-9.8u/modes.c:4411:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(my_majormodes[j].qual, m_valnames, sizeof(m_valnames)); data/vile-9.8u/modes.c:4524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/modes.c:5310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char respbuf[NFILEN]; data/vile-9.8u/modes.c:5553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/npopen.c:313:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *myName[2]; /* name of temporary file for pipe */ data/vile-9.8u/npopen.c:331:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(myName[n], O_RDWR)) < 0) { data/vile-9.8u/npopen.c:416:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *myWrtr = fopen(myName[0], "r"); data/vile-9.8u/npopen.c:495:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *myWrtr = fopen(myName[0], "r"); data/vile-9.8u/ntwinio.c:192:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[20]; data/vile-9.8u/ntwinio.c:193:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "h%p", hwnd); data/vile-9.8u/ntwinio.c:196:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "sb%d", n); data/vile-9.8u/ntwinio.c:277:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[20]; data/vile-9.8u/ntwinio.c:284:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%#x", code); data/vile-9.8u/ntwinio.c:316:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[80]; data/vile-9.8u/ntwinio.c:325:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%#x", code); data/vile-9.8u/ntwinio.c:661:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[NLINE + 1]; data/vile-9.8u/ntwinio.c:662:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tstring[NLINE + 1]; /* string to add */ data/vile-9.8u/ntwinio.c:1071:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/vile-9.8u/ntwinio.c:1569:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result[80]; data/vile-9.8u/ntwinio.c:1573:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, " ctrl"); data/vile-9.8u/ntwinio.c:1575:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, " alt"); data/vile-9.8u/ntwinio.c:1577:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, " shift"); data/vile-9.8u/ntwinio.c:2318:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char accel[NSTRING], buf[NSTRING * 2]; data/vile-9.8u/ntwinio.c:2407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/vile-9.8u/ntwinio.c:3836:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/vile-9.8u/ntwinio.c:3853:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d cols X %d rows", term.cols, term.rows); data/vile-9.8u/ntwinio.c:3874:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d cols X %d rows", w, h); data/vile-9.8u/ntwinio.c:4623:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/nullterm.c:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/oneliner.c:200:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy((char *) substexp, (char *) gregexp, data/vile-9.8u/oneliner.c:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/vile-9.8u/oneliner.c:501:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(buf_delins, exp->startp[0], dlength); data/vile-9.8u/opers.c:89:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/opers.c:343:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/os2keys.h:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq[2]; data/vile-9.8u/os2pipe.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/vile-9.8u/os2vio.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char TextBuf[TEXT_BUFFER_SIZE]; data/vile-9.8u/os2vio.c:547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[24]; data/vile-9.8u/path.c:42:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[NFILEN]; data/vile-9.8u/path.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lscmd[NFILEN + sizeof(fmt)]; data/vile-9.8u/path.c:290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save_path[NFILEN]; data/vile-9.8u/path.c:291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save_leaf[NFILEN]; data/vile-9.8u/path.c:479:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char desktop[NFILEN]; data/vile-9.8u/path.c:498:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/path.c:699:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char target[NFILEN]; data/vile-9.8u/path.c:863:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(temp_path + 1, de->d_name, namelen); data/vile-9.8u/path.c:900:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_file[MAX_PATH]; data/vile-9.8u/path.c:919:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(new_file, old_file, len); data/vile-9.8u/path.c:958:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(sofar, current, len); data/vile-9.8u/path.c:992:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drive_name[3]; data/vile-9.8u/path.c:993:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[sizeof(FSQBUFFER2) + 3 * CCHMAXPATH]; data/vile-9.8u/path.c:1021:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_file[NFILEN + 2]; data/vile-9.8u/path.c:1061:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(sofar, current, len); data/vile-9.8u/path.c:1147:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/path.c:1149:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2[NFILEN]; data/vile-9.8u/path.c:1150:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp3[NFILEN]; data/vile-9.8u/path.c:1253:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(tt, ".DIR"); data/vile-9.8u/path.c:1272:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(tt + 1, "[000000]"); data/vile-9.8u/path.c:1293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/path.c:1458:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_esa[NAM$C_MAXRSS + 1]; /* expanded: sys$parse */ data/vile-9.8u/path.c:1459:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_rsa[NAM$C_MAXRSS + 1]; /* result: sys$search */ data/vile-9.8u/path.c:1464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/path.c:1501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN], leaf[NFILEN]; data/vile-9.8u/path.c:1505:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(SL_TO_BSL(path), O_RDONLY, 0)) >= 0) { data/vile-9.8u/path.c:1590:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(temp + 1, ":/"); data/vile-9.8u/path.c:1801:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftype[NFILEN]; data/vile-9.8u/path.c:1927:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(fname, "*.*"); data/vile-9.8u/path.c:1931:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(buf, "*.*"); data/vile-9.8u/path.c:1933:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(buf, "\\*.*"); data/vile-9.8u/path.c:2114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/path.c:2116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char find[NFILEN]; data/vile-9.8u/path.c:2140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char find[NFILEN]; data/vile-9.8u/path.c:2176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char working[NFILEN]; data/vile-9.8u/path.c:2177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char find[NFILEN]; data/vile-9.8u/path.c:2251:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(trunc_buf, ">>>"); data/vile-9.8u/path.c:2254:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(trunc_buf, "..."); data/vile-9.8u/path.c:2273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN]; data/vile-9.8u/plugin.c:23:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[NSTRING - sizeof(PLUGIN_INIT_NAME)] = ""; data/vile-9.8u/plugin.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leafname[NSTRING]; data/vile-9.8u/plugin.c:25:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char symname[NSTRING]; data/vile-9.8u/proto.h:531:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). #define scan_int(s) atoi(s) data/vile-9.8u/proto.h:1470:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char face[256]; /* Font face requested by user. If no face data/vile-9.8u/proto.h:1722:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). extern int atoi (const char *s); data/vile-9.8u/proto.h:1816:46: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #if defined(MISSING_EXTERN_OPEN) && !defined(open) data/vile-9.8u/proto.h:1817:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extern int open (char *path, int flags); data/vile-9.8u/random.c:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prevdir[NFILEN]; data/vile-9.8u/random.c:1039:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char current_dirname[NFILEN]; data/vile-9.8u/random.c:1189:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *cwds[26]; /* list of current dirs on each drive */ data/vile-9.8u/random.c:1242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cdirname[NFILEN]; data/vile-9.8u/random.c:1309:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[FILENAME_MAX + 1]; data/vile-9.8u/random.c:1352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exdir[NFILEN], *exdp, cdpathdir[NFILEN], tmp[NFILEN]; data/vile-9.8u/random.c:1428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tmp, newdir[NFILEN]; data/vile-9.8u/random.c:1513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NFILEN]; data/vile-9.8u/random.c:1857:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dirstack = castalloc(char *, data/vile-9.8u/random.c:1861:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. safe_castrealloc(char *, data/vile-9.8u/random.c:1922:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcwd[NFILEN], *path; data/vile-9.8u/random.c:1972:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcwd[NFILEN], newcwd[NFILEN], *tmp, *cp; data/vile-9.8u/random.c:2050:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp, newcwd[NFILEN]; data/vile-9.8u/random.c:2151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufup[128], bufdn[128], rslt[NFILEN * 2]; data/vile-9.8u/random.c:2155:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufup, "+%d", up); data/vile-9.8u/random.c:2156:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufdn, "-%d", dn); data/vile-9.8u/random.c:2162:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufup, "+%d", up); data/vile-9.8u/random.c:2163:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bufdn, "-%d", dn); data/vile-9.8u/random.c:2234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newdir[NFILEN], savedcwd[NFILEN]; data/vile-9.8u/random.c:2310:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result = atoi(str); data/vile-9.8u/random.c:2351:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(str); data/vile-9.8u/random.c:2413:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "\\u%04x", ch & 0xffff); data/vile-9.8u/random.c:2423:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "\\%03o", ch); data/vile-9.8u/random.c:2425:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "^?"); data/vile-9.8u/random.c:2427:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "^%c", ch | '@'); data/vile-9.8u/random.c:2440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[20]; data/vile-9.8u/regexp.c:1172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chr_value[sizeof(int)]; data/vile-9.8u/regexp.c:1177:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp.chr_value, &(macro(op)), sizeof(int)); \ data/vile-9.8u/regexp.c:1195:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(macro(op)), temp.chr_value, sizeof(int)) data/vile-9.8u/regexp.c:2026:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *save_1stp[NSUBEXP]; \ data/vile-9.8u/regexp.c:2027:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *save_endp[NSUBEXP] data/vile-9.8u/regexp.c:2037:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(regstartp, save_1stp, sizeof(save_1stp)); \ data/vile-9.8u/regexp.c:2038:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(regendp, save_endp, sizeof(save_endp)); \ data/vile-9.8u/regexp.c:2039:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reg_cnts, save_cnts, sizeof(save_cnts)) data/vile-9.8u/regexp.c:2048:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *best_1stp[NSUBEXP]; \ data/vile-9.8u/regexp.c:2049:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *best_endp[NSUBEXP] data/vile-9.8u/regexp.c:2053:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best_1stp, regstartp, sizeof(save_1stp)); \ data/vile-9.8u/regexp.c:2054:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best_endp, regendp, sizeof(save_endp)); \ data/vile-9.8u/regexp.c:2055:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best_cnts, reg_cnts, sizeof(save_cnts)) data/vile-9.8u/regexp.c:2065:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best_1stp, regstartp, sizeof(save_1stp)); \ data/vile-9.8u/regexp.c:2066:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best_endp, regendp, sizeof(save_endp)); \ data/vile-9.8u/regexp.c:2067:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(best_cnts, reg_cnts, sizeof(save_cnts)); \ data/vile-9.8u/regexp.c:2073:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(regstartp, best_1stp, sizeof(save_1stp)); \ data/vile-9.8u/regexp.c:2074:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(regendp, best_endp, sizeof(save_endp)); \ data/vile-9.8u/regexp.c:2075:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(reg_cnts, best_cnts, sizeof(save_cnts)) data/vile-9.8u/regexp.c:2352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *repeats[LOCAL_RPTS]; data/vile-9.8u/regexp.c:2566:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/regexp.c:2577:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "(0)"); data/vile-9.8u/regexp.c:2579:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "(%d)", (int) ((s - program) + (next - s))); data/vile-9.8u/regexp.c:2600:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/regexp.c:2614:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "start `%#x' ", r->regstart); data/vile-9.8u/regexp.c:2618:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "anchored "); data/vile-9.8u/regexp.c:2637:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[50]; data/vile-9.8u/regexp.c:2662:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(STRSKIP(buf), "OPEN%d", OP(op) - OPEN); data/vile-9.8u/regexp.c:2667:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(STRSKIP(buf), "CLOSE%d", OP(op) - CLOSE); data/vile-9.8u/regexp.c:2680:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(STRSKIP(buf), "%d", get_RR_MIN(op)); data/vile-9.8u/regexp.c:2683:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(STRSKIP(buf), "%d", get_RR_MAX(op)); data/vile-9.8u/regexp.c:2684:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(STRSKIP(buf), "%c", R_CURL); data/vile-9.8u/regexp.c:2727:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char empty[1]; data/vile-9.8u/regexp.c:3249:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(argv[n], "r"); data/vile-9.8u/region.c:1212:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/region.c:1215:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%ld", count); data/vile-9.8u/region.c:1231:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "C%X", color); data/vile-9.8u/region.c:1355:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. encode_one_attribute(&result, (long) (k - j), (char *) 0, data/vile-9.8u/region.c:1469:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/search.c:773:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NPAT]; data/vile-9.8u/select.c:692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NLINE]; data/vile-9.8u/select.c:1384:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; data/vile-9.8u/spawn.c:157:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/spawn.c:262:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/spawn.c:336:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char save[NLINE], temp[NLINE], line[NLINE + 1]; data/vile-9.8u/spawn.c:387:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:414:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/spawn.c:449:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/spawn.c:475:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:517:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oline[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:518:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:521:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char filnam[NSTRING] = "command"; data/vile-9.8u/spawn.c:731:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oline[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:732:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:808:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oline[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:809:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:882:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oline[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:883:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[NLINE]; /* command line send to shell */ data/vile-9.8u/spawn.c:884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tnam[NFILEN]; /* place to store real file name */ data/vile-9.8u/spawn.c:914:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(line, " <fltinp >fltout"); data/vile-9.8u/spawn.c:927:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NLINE]; data/vile-9.8u/spawn.c:929:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcat(strcpy(t, " <fltinp"), temp); data/vile-9.8u/spawn.c:931:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(line, " <fltinp"); data/vile-9.8u/spawn.c:933:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(line, " >fltout"); data/vile-9.8u/spawn.c:1163:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN * 2]; data/vile-9.8u/spawn.c:1235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp, buf[NFILEN]; data/vile-9.8u/spawn.c:1444:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rslt, buf[NFILEN * 2]; data/vile-9.8u/spawn.c:1462:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(rslt, "find "); data/vile-9.8u/spawn.c:1577:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *xargstr, **vec, *rslt, buf[NFILEN * 2]; data/vile-9.8u/spawn.c:1617:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(rslt, "find "); data/vile-9.8u/statevar.c:542:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/statevar.c:583:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/tags.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tagname[NFILEN + 2]; /* +2 since we may add a tab later */ data/vile-9.8u/tags.c:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tagbufname[NBUFN]; data/vile-9.8u/tags.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tagfilename[NFILEN]; data/vile-9.8u/tags.c:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_name[sizeof(tagname)]; data/vile-9.8u/tags.c:639:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char last_bname[NBUFN]; data/vile-9.8u/tags.c:650:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tfname[NFILEN]; data/vile-9.8u/tags.c:933:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/tags.c:957:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/tags.c:1010:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; data/vile-9.8u/tcap.c:20:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tc_parsed[TCAPSLEN]; data/vile-9.8u/tcap.c:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tc_rawdata[4096]; data/vile-9.8u/tcap.c:450:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(screen_desc, "NORMAL"); data/vile-9.8u/tcap.c:675:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmp[BUFSIZ], *t; data/vile-9.8u/tcap.h:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/tcap.h:167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/tcap.h:193:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/tcap.h:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/tcap.h:218:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/tcap.h:226:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[10]; data/vile-9.8u/termio.c:222:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tobuf[TBUFSIZ]; /* terminal output buffer */ data/vile-9.8u/termio.c:392:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tobuf[TBUFSIZ]; /* terminal output buffer */ data/vile-9.8u/termio.c:522:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tobuf[TBUFSIZ]; /* terminal output buffer */ data/vile-9.8u/termio.c:1205:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *widthp = atoi(e); data/vile-9.8u/termio.c:1210:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *heightp = atoi(e); data/vile-9.8u/termio.c:1215:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *widthp = atoi(e); data/vile-9.8u/termio.c:1218:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *heightp = atoi(e); data/vile-9.8u/termio.c:1255:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). termp->open = term.open; data/vile-9.8u/termio.c:1268:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (term.open == termp->open) { data/vile-9.8u/termio.c:1269:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/termio.c:1275:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/termio.c:1282:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (save_term.open != term.open) { data/vile-9.8u/termio.c:1282:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (save_term.open != term.open) { data/vile-9.8u/termio.c:1285:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). term.open(); data/vile-9.8u/trace.c:34:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #undef fopen /* avoid conflict with 'fakevms.c' */ data/vile-9.8u/trace.c:95:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("ETrace.out", mode); data/vile-9.8u/trace.c:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/trace.c:263:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen("Trace.out", "w"); data/vile-9.8u/trace.c:363:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "^?"); data/vile-9.8u/trace.c:365:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "^%c", ch | '@'); data/vile-9.8u/trace.c:368:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "\\u%04x", ch); data/vile-9.8u/trace.c:371:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "\\x%02x", ch); data/vile-9.8u/trace.c:373:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "\\\\"); data/vile-9.8u/trace.c:409:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dummy[indent_gap + 1] = "? "; data/vile-9.8u/trace.c:563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/trace.c:762:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, oldp, limit); data/vile-9.8u/trace.c:1114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/vile-9.8u/trace.c:1115:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/ucrypt.c:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NKEYLEN]; data/vile-9.8u/ucrypt.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/ucrypt.c:60:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[80]; data/vile-9.8u/ucrypt.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[NKEYLEN]; data/vile-9.8u/undo.c:631:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(lvalue(nlp), lvalue(lp), (size_t) llength(lp)); data/vile-9.8u/undo.c:823:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(ntext, lvalue(ulp), (size_t) llength(ulp)); data/vile-9.8u/version.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char version_string[NSTRING]; data/vile-9.8u/version.c:263:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[80]; data/vile-9.8u/visvile/commands.cpp:23:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char workspace_cwd[FILENAME_MAX + 1]; data/vile-9.8u/visvile/commands.cpp:150:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(file, "%S.plg", bstr_prjname); data/vile-9.8u/visvile/commands.cpp:270:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logpath[FILENAME_MAX + 1], file[FILENAME_MAX + 1]; data/vile-9.8u/visvile/commands.cpp:306:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[FILENAME_MAX * 5 + 1], data/vile-9.8u/visvile/oleauto.cpp:103:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp, data/vile-9.8u/visvile/oleauto.cpp:468:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024], line[64], cd[512]; data/vile-9.8u/visvile/oleauto.cpp:496:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, ":%ld\n", lineno); data/vile-9.8u/vl_crypt.h:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2]; data/vile-9.8u/vl_crypt.h:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[LEN_CLEAR]; data/vile-9.8u/vl_crypt.h:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[2]; data/vile-9.8u/vl_regex.h:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *startp[NSUBEXP]; data/vile-9.8u/vl_regex.h:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *endp[NSUBEXP]; data/vile-9.8u/vl_regex.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char program[1]; /* Unwarranted chumminess with compiler. */ data/vile-9.8u/vms2unix.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN]; data/vile-9.8u/vms2unix.c:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leaf[NFILEN]; data/vile-9.8u/vms2unix.c:90:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(strcpy(leaf, tail), data/vile-9.8u/vms2unix.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rfm_option[80]; data/vile-9.8u/vms2unix.c:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rat_option[80]; data/vile-9.8u/vms2unix.c:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len_option[80]; data/vile-9.8u/vms2unix.c:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expnd_file_buffer[NAM$C_MAXRSS + 1]; data/vile-9.8u/vms2unix.c:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rslt_file_buffer[NAM$C_MAXRSS + 1]; data/vile-9.8u/vms2unix.c:321:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp2[NFILEN]; data/vile-9.8u/vms2unix.c:323:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NFILEN]; data/vile-9.8u/vms2unix.c:324:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leading[NFILEN]; data/vile-9.8u/vms2unix.c:566:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[NFILEN]; data/vile-9.8u/vms2unix.c:609:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current[NFILEN]; data/vile-9.8u/vms2unix.c:612:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NFILEN]; data/vile-9.8u/vmspipe.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inmname[65]; data/vile-9.8u/vmspipe.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outmname[65]; /* mailbox name string */ data/vile-9.8u/vmspipe.c:171:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pfile = open(outmname, O_RDONLY, S_IREAD); data/vile-9.8u/vmspipe.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pre_command[132 + 12]; data/vile-9.8u/vmspipe.c:192:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(pre_command, "DEFINE/USER SYS$INPUT "); data/vile-9.8u/vmspipe.c:235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXBFR]; data/vile-9.8u/vmspipe.c:244:12: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if ((pp = tmpfile()) != 0) { data/vile-9.8u/vmsvt.c:185:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[NOBUF]; /* Output buffer */ data/vile-9.8u/vmsvt.c:188:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ibuf[NIBUF]; /* Input buffer */ data/vile-9.8u/vmsvt.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; data/vile-9.8u/vmsvt.c:405:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char storage[1024]; data/vile-9.8u/vmsvt.c:667:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NLINE]; data/vile-9.8u/w32cbrd.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/vile-9.8u/w32cbrd.c:310:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, kp->d_chunk, size); data/vile-9.8u/w32cbrd.c:678:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, target, len); data/vile-9.8u/w32cbrd.c:690:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lvalue(DOT.l) + base, data, chunk); data/vile-9.8u/w32cmd.c:50:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char custFilter[128] = "All Files (*.*)\0*.*\0"; data/vile-9.8u/w32cmd.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[NFILEN]; data/vile-9.8u/w32cmd.c:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcwd[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newcwd[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char validated_dir[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[NFILEN]; data/vile-9.8u/w32cmd.c:358:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filebuf[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char validated_dir[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldcwd[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:361:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newcwd[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:364:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scratch[FILENAME_MAX]; data/vile-9.8u/w32cmd.c:421:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sys_filebuf, tmp_filebuf, strlen(filebuf) * sizeof(W32_CHAR)); data/vile-9.8u/w32cmd.c:521:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[NFILEN]; data/vile-9.8u/w32cmd.c:665:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *cp; data/vile-9.8u/w32cmd.c:681:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "unknown error code (%ld)", errcode); data/vile-9.8u/w32cmd.c:1001:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char footbuf[256]; data/vile-9.8u/w32cmd.c:1008:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(footbuf, "%lu", (ULONG) pparam->pagenum); data/vile-9.8u/w32cmd.c:1066:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. nout = sprintf(dst, "%6lu ", line_num); data/vile-9.8u/w32cmd.c:1633:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(logfont->lfFaceName, facename, length * sizeof(W32_CHAR)); data/vile-9.8u/w32cmd.c:1649:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[LF_FACESIZE * 2 + 128]; data/vile-9.8u/w32cmd.c:1739:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN + 64]; data/vile-9.8u/w32cmd.c:1832:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdm_print, pdm_setup, nbytes); data/vile-9.8u/w32cmd.c:2069:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdm_setup, pdm_print, nbytes); data/vile-9.8u/w32cmd.c:2125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_name[32]; data/vile-9.8u/w32cmd.c:2251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[FILENAME_MAX + 1]; data/vile-9.8u/w32cmd.c:2274:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_name[32]; data/vile-9.8u/w32cmd.c:2558:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *newlist[MAX_RECENT_FILES + MAX_RECENT_FLDRS + 1]; /* overdim'd */ data/vile-9.8u/w32cmd.c:2585:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_name[32]; data/vile-9.8u/w32cmd.c:2625:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_name[32]; data/vile-9.8u/w32misc.c:416:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shell[NFILEN]; data/vile-9.8u/w32misc.c:1418:14: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). ULONG len = MultiByteToWideChar(CP_ACP, data/vile-9.8u/w32misc.c:1427:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). (void) MultiByteToWideChar(CP_ACP, data/vile-9.8u/w32misc.c:1484:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, source, length); data/vile-9.8u/w32ole.cpp:86:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("c:\\temp\\w32ole.log", "a"); data/vile-9.8u/w32ole.cpp:238:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(target, "\\s"); data/vile-9.8u/w32ole.cpp:241:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(target, "\\\\"); data/vile-9.8u/w32ole.cpp:244:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(target, "\\n"); data/vile-9.8u/w32ole.cpp:247:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(target, "\\r"); data/vile-9.8u/w32ole.cpp:250:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(target, "\\t"); data/vile-9.8u/w32ole.cpp:253:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(target, "\\f"); data/vile-9.8u/w32ole.cpp:258:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(target, "%c", (char) source[n]); data/vile-9.8u/w32ole.cpp:262:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(target, "\\%03o", (unsigned char) source[n]); data/vile-9.8u/w32ole.cpp:619:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cp, key[NFILEN]; data/vile-9.8u/w32ole.cpp:623:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[NFILEN * 2]; data/vile-9.8u/w32ole.cpp:832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NFILEN]; /* wait for this file */ data/vile-9.8u/w32ole.cpp:1270:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/vile-9.8u/w32ole.cpp:1565:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/vile-9.8u/w32ole.cpp:1570:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, data/vile-9.8u/w32ole.cpp:1586:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/vile-9.8u/w32ole.cpp:1589:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, data/vile-9.8u/w32oo.cpp:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[FILENAME_MAX]; data/vile-9.8u/w32oo.cpp:131:19: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). len = MultiByteToWideChar(CP_ACP, data/vile-9.8u/w32oo.cpp:143:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, data/vile-9.8u/w32oo.cpp:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bslbuf[FILENAME_MAX + 1], selected_folder[FILENAME_MAX + 1]; data/vile-9.8u/w32oo.cpp:244:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN]; data/vile-9.8u/w32oo.cpp:277:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN]; data/vile-9.8u/w32pipe.c:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN + 128]; data/vile-9.8u/w32pipe.c:323:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpin_fd = open(tmpin_name, data/vile-9.8u/w32pipe.c:456:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN + 128]; data/vile-9.8u/w32pipe.c:474:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stdin_fd = open(stdin_name, data/vile-9.8u/w32pipe.c:493:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpin_fd = open(tmpin_name, data/vile-9.8u/w32pipe.c:507:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*fr = fopen(stdin_name, "r")) == NULL) data/vile-9.8u/w32pipe.c:517:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stdout_fd = open(stdout_name, data/vile-9.8u/w32pipe.c:567:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*fr = fopen(stdin_name, "r")) == NULL) { data/vile-9.8u/w32pipe.c:593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN + 128]; data/vile-9.8u/w32pipe.c:601:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stdout_fd = open(stdout_name, O_RDONLY | O_BINARY)) == BAD_FD) { data/vile-9.8u/w32pipe.c:642:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NFILEN + 128]; data/vile-9.8u/w32pipe.c:663:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stdout_fd = open(stdout_name, O_RDONLY | O_BINARY)) == BAD_FD) { data/vile-9.8u/w32reg.c:118:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[512], name[64], editor_path[NFILEN]; data/vile-9.8u/w32reg.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[NFILEN * 2]; data/vile-9.8u/w32reg.c:121:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR fullpath[NFILEN]; data/vile-9.8u/w32reg.c:160:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(key, "\\CLSID"); data/vile-9.8u/w32reg.c:198:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(key, "\\CLSID"); data/vile-9.8u/w32reg.c:221:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(key, "\\ProgID"); data/vile-9.8u/w32reg.c:248:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(value, " -invisible"); data/vile-9.8u/w32reg.c:250:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(value, " -multiple"); data/vile-9.8u/w32reg.c:252:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value + strlen(value), data/vile-9.8u/w32reg.c:309:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(key, "\\9\\win32"); data/vile-9.8u/w32reg.c:333:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(key, "\\TypeLib"); data/vile-9.8u/w32reg.c:373:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keytop[512], keysub[512], name[64]; data/vile-9.8u/w32reg.c:464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NFILEN], name[128], *s; data/vile-9.8u/w32reg.c:512:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[NFILEN + 256]; data/vile-9.8u/window.c:219:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbuf[20]; data/vile-9.8u/wvwrap.cpp:43:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("c:\\temp\\wvwrap.log", "a"); data/vile-9.8u/wvwrap.cpp:97:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, source, len); data/vile-9.8u/wvwrap.cpp:110:14: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). ULONG len = MultiByteToWideChar(CP_ACP, data/vile-9.8u/wvwrap.cpp:119:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). (void) MultiByteToWideChar(CP_ACP, data/vile-9.8u/wvwrap.cpp:130:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, source, len); data/vile-9.8u/wvwrap.cpp:186:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512], *tmp; data/vile-9.8u/wvwrap.cpp:253:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dst, "\026x%02x", ch); data/vile-9.8u/wvwrap.cpp:406:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR folder[FILENAME_MAX]; data/vile-9.8u/wvwrap.cpp:423:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MY_BUFSIZ]; data/vile-9.8u/wvwrap.cpp:436:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[MY_BUFSIZ]; data/vile-9.8u/x11.c:1616:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result[80]; data/vile-9.8u/x11.c:1627:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "%4X/%4X/%4X", color.red, color.green, color.blue); data/vile-9.8u/x11.c:3520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[2]; data/vile-9.8u/x11.c:3830:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy((char *) dp, (char *) kp->d_chunk, len); data/vile-9.8u/x11.c:3858:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy((char *) dp, (char *) kp->d_chunk, len); data/vile-9.8u/x11.c:5233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/vile-9.8u/x11.c:5577:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char x_window_name[NFILEN]; data/vile-9.8u/x11.c:5580:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char x_icon_name[NFILEN]; data/vile-9.8u/x11.c:5841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *s, *t, *ns, *end, buf[32]; data/vile-9.8u/x11.c:5896:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(t, "@im="); data/vile-9.8u/x11menu.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[50]; data/vile-9.8u/x11menu.c:217:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_buff = atoi(&accel[1]); data/vile-9.8u/x11menu.c:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[NBUFN + 2 + NFILEN], temp[1 + NFILEN], *p; data/vile-9.8u/x11menu.c:309:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "_%d", nb_item_menu_list); data/vile-9.8u/x11plain.c:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/vile-9.8u/x11plain.c:454:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024], *s; data/vile-9.8u/x11plain.c:495:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%ld", (long)val); \ data/vile-9.8u/xterm.c:154:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[NSTRING]; data/vile-9.8u/xtermkeys.h:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/vile-9.8u/xtermkeys.h:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[BUFSIZ]; data/vile-9.8u/xtermkeys.h:301:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[80]; data/vile-9.8u/xtermkeys.h:314:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[BUFSIZ]; data/vile-9.8u/api.c:567:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mp = mstr + strlen(mstr); data/vile-9.8u/bind.c:133:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(bindings_by_name[n].name, name, strlen(name))) { data/vile-9.8u/bind.c:1126:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. result = strcat(strcat(strcpy(dst, "\""), src), "\""); data/vile-9.8u/bind.c:1126:25: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. result = strcat(strcat(strcpy(dst, "\""), src), "\""); data/vile-9.8u/bind.c:1153:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(dst, "\t"); data/vile-9.8u/bind.c:1156:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(dst, "\t"); data/vile-9.8u/bind.c:1169:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buffer); data/vile-9.8u/bind.c:1172:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(buffer, "\t"); data/vile-9.8u/bind.c:1336:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define isShortCmd(s) ((int) strlen(s) <= SHORT_CMD_LEN) data/vile-9.8u/bind.c:1564:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pass == 0 && (int) strlen(nametbl[j].n_name) <= SHORT_CMD_LEN) data/vile-9.8u/bind.c:1602:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nl = strlen(needle); data/vile-9.8u/bind.c:1603:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t hl = strlen(haystack); data/vile-9.8u/bind.c:1694:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dname = (char *) malloc(NFILEN + strlen(fname) + 10); data/vile-9.8u/bind.c:2054:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (((size_t) (ptr - base) + (len = strlen(src)) + need + 2) < limit) { \ data/vile-9.8u/bind.c:2084:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(temp); data/vile-9.8u/bind.c:2178:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (length < (int) (1 + strlen(temp + 1) + (size_t) (CharOf(c) == 0))) { data/vile-9.8u/bind.c:2306:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(nptr->n_name) > SHORT_CMD_LEN) { data/vile-9.8u/bind.c:2372:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(fname); data/vile-9.8u/bind.c:2417:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(kk); data/vile-9.8u/bind.c:2514:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(kk) > 2 && !strncmp(kk, "M-", (size_t) 2)) { data/vile-9.8u/bind.c:2829:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = NEXT_DATA(first), maxlen = strlen(THIS_NAME(first)); data/vile-9.8u/bind.c:2832:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen(THIS_NAME(p)); data/vile-9.8u/bind.c:2840:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(b, buf, slashcol); data/vile-9.8u/bind.c:2841:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(&b[slashcol], &(THIS_NAME(first))[slashcol], data/vile-9.8u/bind.c:3120:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (StrNcmp(buf, THIS_NAME(nbp), strlen(buf)) == 0) { data/vile-9.8u/bind.c:3133:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StrNcmp(buf, NEXT_NAME(nbp), strlen(buf)) != 0) { data/vile-9.8u/bind.c:3156:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pos = strlen(buf); data/vile-9.8u/bind.c:3582:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(outseq); i++) { data/vile-9.8u/blist.c:97:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int actual = (int) strlen(name); data/vile-9.8u/blist.c:151:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len > (int) strlen(item)) { data/vile-9.8u/btree.c:563:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name); data/vile-9.8u/btree.c:815:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = t + strlen(t); data/vile-9.8u/btree.c:847:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((list = btree_parray(&text_tree, t, strlen(t))) != 0) { data/vile-9.8u/buffer.c:446:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(line, ""); data/vile-9.8u/buffer.c:458:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) lsprintf(line + strlen(line), " %d%s%s %s", data/vile-9.8u/buffer.c:1153:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(mls_patterns[n].expr), TRUE); data/vile-9.8u/buffer.c:1641:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((exp = regcomp(bufn, strlen(bufn), TRUE)) != 0) { data/vile-9.8u/buffer.c:1873:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(dst)) != 0 data/vile-9.8u/buffer.c:1884:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(src); data/vile-9.8u/buffer.c:1888:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(&dst[1], src, len); data/vile-9.8u/buffer.c:2303:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) memcpy(lvalue(curlp) + 6, temp, strlen(temp)); data/vile-9.8u/buffer.c:2444:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = add_line_at(bp, prevp, text, (int) strlen(text)); data/vile-9.8u/builtflt.c:86:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == len data/vile-9.8u/builtflt.c:132:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t needed = strlen(current_filter->filter_name) + 11 + strlen(s); data/vile-9.8u/builtflt.c:132:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t needed = strlen(current_filter->filter_name) + 11 + strlen(s); data/vile-9.8u/builtflt.c:138:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(command, " "); data/vile-9.8u/builtflt.c:215:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) < NSTRING - 30) { data/vile-9.8u/builtflt.c:220:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) + strlen(leafname) + 3 >= sizeof(filename)) data/vile-9.8u/builtflt.c:220:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) + strlen(leafname) + 3 >= sizeof(filename)) data/vile-9.8u/builtflt.c:262:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/vile-9.8u/builtflt.c:489:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int need = (int) strlen(separator); data/vile-9.8u/builtflt.c:596:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bfr1, marker, limit)[limit] = EOS; data/vile-9.8u/builtflt.c:613:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix = strlen(bfr1); data/vile-9.8u/builtflt.c:616:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last = bfr1 + strlen(bfr1); data/vile-9.8u/charsets.c:387:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t need = (size_t) nbuf + strlen(ending); data/vile-9.8u/charsets.c:388:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lend = strlen(ending); data/vile-9.8u/curses.c:216:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE(("tc_rawdata used %d of %d\n", strlen(tc_rawdata), sizeof(tc_rawdata))); data/vile-9.8u/curses.c:323:11: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = getchar(); data/vile-9.8u/display.c:136:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = (int) strlen(s); data/vile-9.8u/display.c:268:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE2(("dofmt fmt='%s'\n", visible_buff(fmt, strlen(fmt), FALSE))); data/vile-9.8u/display.c:1776:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = term.cols - (int) strlen(my_overlay) - 1; data/vile-9.8u/display.c:3393:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define HaveEnough(string) ((ms + strlen(string)) - base < MAX_FORMAT) data/vile-9.8u/display.c:3686:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tb_bappend(result, left_ms, strlen(left_ms)); data/vile-9.8u/display.c:3704:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). right_offs = str_col2offs(wp, n, right_ms, (int) strlen(right_ms)); data/vile-9.8u/display.c:3812:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = (int) strlen(from); data/vile-9.8u/display.c:3844:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (my_col = term.cols - (13 + strlen(temp)); data/vile-9.8u/display.c:4770:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = bputsn(src, (int) strlen(src)); data/vile-9.8u/display.c:4814:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(src); data/vile-9.8u/dumbterm.c:64:12: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return getchar(); data/vile-9.8u/eightbit.c:193:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (B_COUNT) strlen(table_8bit_utf8[n].text)); data/vile-9.8u/eightbit.c:293:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (exp = regcomp(on_left, strlen(on_left), TRUE)) != 0) { data/vile-9.8u/eightbit.c:294:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(wide); data/vile-9.8u/eightbit.c:297:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((result = malloc(strlen(wide) + 2 + strlen(on_right))) != 0) { data/vile-9.8u/eightbit.c:297:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((result = malloc(strlen(wide) + 2 + strlen(on_right))) != 0) { data/vile-9.8u/eval.c:109:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(s), data/vile-9.8u/eval.c:456:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(p->u_value), data/vile-9.8u/eval.c:502:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(p->u_value), data/vile-9.8u/eval.c:597:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = strlen(v); data/vile-9.8u/eval.c:793:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(token); data/vile-9.8u/eval.c:832:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len_to = (int) strlen(to); data/vile-9.8u/eval.c:851:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while ((int) strlen(path) > 1) { data/vile-9.8u/eval.c:852:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *last = path + strlen(path) - 1; data/vile-9.8u/eval.c:860:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(path) > 2) { data/vile-9.8u/eval.c:861:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *last = path + strlen(path) - 1; data/vile-9.8u/eval.c:1077:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(space); data/vile-9.8u/eval.c:1141:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(classname); data/vile-9.8u/eval.c:1433:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value = (long) strlen(arg[0]); data/vile-9.8u/eval.c:1578:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (choice_to_code(&fsm_path_blist, arg[0], strlen(arg[0]))) { data/vile-9.8u/eval.c:2194:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return src + strlen(src); data/vile-9.8u/eval.c:2228:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return src + strlen(src); data/vile-9.8u/eval.c:2291:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bprintf(" %c%d%sC", (char) CONTROL_A, (int) strlen(name), attr); data/vile-9.8u/eval.c:3111:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tb_alloc(&tkbuf, NFILEN + strlen(argp)); data/vile-9.8u/eval.c:3195:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sz = strlen(val); data/vile-9.8u/eval.c:3223:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return choice_to_code(&fsm_bool_blist, temp, strlen(temp)) == TRUE; data/vile-9.8u/eval.c:3225:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncmp(temp, "true", strlen(temp)); data/vile-9.8u/eval.c:3239:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return choice_to_code(&fsm_bool_blist, temp, strlen(temp)) == FALSE; data/vile-9.8u/eval.c:3241:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncmp(temp, "false", strlen(temp)); data/vile-9.8u/eval.c:3330:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s) + 1; data/vile-9.8u/eval.c:3351:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(label); data/vile-9.8u/exec.c:511:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int end_input = (int) strlen(cspec); data/vile-9.8u/exec.c:623:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = fnp[strlen(fnp) - 1]; data/vile-9.8u/exec.c:897:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((flags & BANG) && (fnp[strlen(fnp) - 1] == '!')) { data/vile-9.8u/exec.c:1609:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). execstr += strlen(execstr); data/vile-9.8u/exec.c:1635:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code = choice_to_code(&fsm_paramtypes_blist, name, strlen(name)); data/vile-9.8u/exec.c:1978:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && must_quote_token(p->p_value, strlen(p->p_value))) { data/vile-9.8u/exec.c:1980:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). append_quoted_token(&tmp, p->p_value, strlen(p->p_value)); data/vile-9.8u/exec.c:2460:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). level = (int) strlen(indent) - (3 * level); data/vile-9.8u/exec.c:2775:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(cmdp) + 2); data/vile-9.8u/file.c:24:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). #define vl_umask(n) umask(n) data/vile-9.8u/file.c:374:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strcspn(bp->b_fname, ":[];") != strlen(bp->b_fname)) { data/vile-9.8u/file.c:830:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lines_len = (int) strlen(strlines); data/vile-9.8u/file.c:831:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). chars_len = (int) strlen(strchars); data/vile-9.8u/file.c:835:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(action) + data/vile-9.8u/file.c:838:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(PLURAL(nline)) + data/vile-9.8u/file.c:839:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(PLURAL(nchar)) data/vile-9.8u/file.c:1012:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || (strlen(fname) > (size_t) NBUFN - 1)) { data/vile-9.8u/file.c:1108:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && ((strlen(fname) > (size_t) NBUFN - 1) /* too big to be a bname */ data/vile-9.8u/file.c:2052:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(name); data/vile-9.8u/file.c:2054:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(strcpy(name, NO_BNAME)); data/vile-9.8u/file.c:2059:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(suffixbuf, "-"); data/vile-9.8u/file.c:2801:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(np) < 32 && data/vile-9.8u/file.c:2895:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcat(strcpy(temp, "V"), bp->b_bname), data/vile-9.8u/filec.c:90:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(path); data/vile-9.8u/filec.c:108:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(path); data/vile-9.8u/filec.c:354:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *dots = strlen(leaf); data/vile-9.8u/filec.c:376:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *dots = strlen(leaf); data/vile-9.8u/filec.c:406:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(t, "/"); data/vile-9.8u/filec.c:600:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) bs_find(path, strlen(path), bp, (LINE **) 0); data/vile-9.8u/filec.c:623:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(leaf, de->d_name, (size_t) (de->d_namlen)); data/vile-9.8u/filec.c:664:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) makeString(bp, buf_head(bp), s, strlen(s)); data/vile-9.8u/filec.c:666:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) bs_find(path, strlen(path), bp, (LINE **) 0); data/vile-9.8u/filec.c:703:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name) - 1; data/vile-9.8u/filec.c:744:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) makeString(bp, buf_head(bp), path, strlen(path)); data/vile-9.8u/filec.c:746:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) bs_find(path, strlen(path), bp, (LINE **) 0); data/vile-9.8u/filec.c:796:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "."); data/vile-9.8u/filec.c:798:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(temp); data/vile-9.8u/filec.c:799:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). want = strlen(path); data/vile-9.8u/filec.c:833:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(name); data/vile-9.8u/filec.c:1002:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while ((size_t) *pos < strlen(path)) data/vile-9.8u/filec.c:1040:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((newlen = strlen(path)) == 3 data/vile-9.8u/filec.c:1041:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (oldlen = strlen(buf)) == 2 data/vile-9.8u/filec.c:1075:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldlen = strlen(path); data/vile-9.8u/filec.c:1091:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldlen = strlen(path); data/vile-9.8u/filec.c:1096:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldlen = strlen(path); data/vile-9.8u/filec.c:1102:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldlen = strlen(path); data/vile-9.8u/filec.c:1123:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *pos = strlen(buf); data/vile-9.8u/fileio.c:189:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (choice_to_code(&fsm_backup_blist, gvalfileback, strlen(gvalfileback))) { data/vile-9.8u/fileio.c:211:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(t, "~"); data/vile-9.8u/fileio.c:273:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cache[n].fn) == 0) data/vile-9.8u/fileio.c:660:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fileno(ffp), buf + *have, ask); data/vile-9.8u/filters/c-filt.c:58:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, base, need); data/vile-9.8u/filters/c-filt.c:334:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c_length = (int) strlen(s); data/vile-9.8u/filters/c-filt.c:519:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c_length = (int) strlen(s); data/vile-9.8u/filters/c-filt.c:529:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c_length = (int) strlen(s); data/vile-9.8u/filters/c-filt.c:545:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c_length = (int) strlen(s); data/vile-9.8u/filters/ecrypt.c:232:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp_key, key, len)[len] = '\0'; data/vile-9.8u/filters/ecrypt.c:233:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(real_key, key, len)[len] = '\0'; data/vile-9.8u/filters/ecrypt.c:242:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ue_crypt(key, (unsigned) strlen(key)); data/vile-9.8u/filters/ecrypt.c:309:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(userkey); data/vile-9.8u/filters/ecrypt.c:322:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(key, userkey, (size_t) KEY_LIMIT); data/vile-9.8u/filters/ecrypt.c:323:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) memset(userkey, '.', strlen(userkey)); data/vile-9.8u/filters/ecrypt.c:366:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(param) > KEY_LIMIT - 1) { data/vile-9.8u/filters/ecrypt.c:370:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(key, param, (size_t) KEY_LIMIT); data/vile-9.8u/filters/ecrypt.c:371:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) memset(param, '.', strlen(param)); data/vile-9.8u/filters/filterio.c:42:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *option += strlen(*option) - 1; data/vile-9.8u/filters/filterio.c:106:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/vile-9.8u/filters/filterio.c:274:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ns = typeallocn(char, strlen(src) + 1); data/vile-9.8u/filters/filters.c:161:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data->kw_size = strlen(data->kw_name); data/vile-9.8u/filters/filters.c:349:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name != 0 && strlen(name) != 0) { data/vile-9.8u/filters/filters.c:360:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name != 0 && (size = strlen(name)) != 0) { data/vile-9.8u/filters/filters.c:408:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = sizeof(suffix) + strlen(table_name) + 2; data/vile-9.8u/filters/filters.c:423:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(path) data/vile-9.8u/filters/filters.c:424:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(str_keyword_file) data/vile-9.8u/filters/filters.c:447:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(path) + strlen(str_keyword_file) + 2; data/vile-9.8u/filters/filters.c:447:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(path) + strlen(str_keyword_file) + 2; data/vile-9.8u/filters/filters.c:508:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(src); data/vile-9.8u/filters/filters.c:598:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(flt_bfr_text + flt_bfr_used, text, (size_t) length); data/vile-9.8u/filters/filters.c:1214:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((name = do_alloc(name, strlen(text), &used)) != 0) { data/vile-9.8u/filters/genmake.c:25:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = strlen(buffer); data/vile-9.8u/filters/genmake.c:60:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/vile-9.8u/filters/genmake.c:75:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/vile-9.8u/filters/genmake.c:108:18: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) parse(strcpy(input, ""), list); data/vile-9.8u/filters/genmake.c:129:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s) - 1; data/vile-9.8u/filters/genmake.c:134:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s) - 1; data/vile-9.8u/filters/key-filt.c:184:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), Literal_attr); data/vile-9.8u/filters/key-filt.c:191:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), Literal_attr); data/vile-9.8u/filters/key-filt.c:222:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), Literal_attr); data/vile-9.8u/filters/key-filt.c:224:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), Error_attr); data/vile-9.8u/filters/key-filt.c:227:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), Error_attr); data/vile-9.8u/filters/key-filt.c:252:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), attr); data/vile-9.8u/filters/key-filt.c:259:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), Literal_attr); data/vile-9.8u/filters/key-filt.c:266:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), Literal_attr); data/vile-9.8u/filters/key-filt.c:273:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), Literal_attr); data/vile-9.8u/filters/key-filt.c:293:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(param, (int) strlen(param), Literal_attr); data/vile-9.8u/filters/key-filt.c:321:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(t, (int) strlen(t), ""); data/vile-9.8u/filters/key-filt.c:324:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(t, (int) strlen(t), Error_attr); data/vile-9.8u/filters/key-filt.c:366:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(line, (int) strlen(line), Error_attr); data/vile-9.8u/filters/key-filt.c:415:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(t, (int) strlen(t), attr1); data/vile-9.8u/filters/key-filt.c:419:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), attr2); data/vile-9.8u/filters/key-filt.c:421:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), Error_attr); data/vile-9.8u/filters/key-filt.c:424:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(t, (int) strlen(t), Error_attr); data/vile-9.8u/filters/key-filt.c:467:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), Comment_attr); data/vile-9.8u/filters/m4-filt.c:111:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q->used = strlen(s); data/vile-9.8u/filters/m4-filt.c:196:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(v, r, need); data/vile-9.8u/filters/m4-filt.c:323:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name + has_cpp, base, extra); data/vile-9.8u/filters/m4-filt.c:327:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/vile-9.8u/filters/m4-filt.c:427:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer + used, s, need); data/vile-9.8u/filters/m4-filt.c:440:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer + used, s, need); data/vile-9.8u/filters/pl-filt.c:543:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(marker); data/vile-9.8u/filters/pl-filt.c:1395:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(line); /* FIXME: nulls? */ data/vile-9.8u/filters/pl-filt.c:1553:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. marker = strcpy(try_mark, "."); data/vile-9.8u/filters/pl6filt.c:543:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(marker); data/vile-9.8u/filters/pl6filt.c:1395:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(line); /* FIXME: nulls? */ data/vile-9.8u/filters/pl6filt.c:1552:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. marker = strcpy(try_mark, "."); data/vile-9.8u/filters/rubyfilt.c:575:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(marker); data/vile-9.8u/filters/rubyfilt.c:1471:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(line); /* FIXME: nulls? */ data/vile-9.8u/filters/sed-filt.c:51:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/vile-9.8u/filters/sed-filt.c:63:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/vile-9.8u/filters/sed-filt.c:202:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/vile-9.8u/filters/sed-filt.c:280:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s = line); data/vile-9.8u/filters/tagsfilt.c:80:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flt_puts(s, (int) strlen(s), Comment_attr); data/vile-9.8u/finderr.c:233:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define APP_T(S) if (pass == 1) want += strlen(S); \ data/vile-9.8u/finderr.c:380:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). exp = regcomp(temp, strlen(temp), TRUE); data/vile-9.8u/finderr.c:822:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(errtext); data/vile-9.8u/glob.c:51:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define DirEntryLen(p) strlen(DirEntryStr(p)) data/vile-9.8u/glob.c:389:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(path, "."); data/vile-9.8u/glob.c:394:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/vile-9.8u/glob.c:398:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(s, pattern, len); data/vile-9.8u/glob.c:436:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(leaf, "."); data/vile-9.8u/glob.c:440:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(leaf, de->d_name, len); data/vile-9.8u/glob.c:520:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(path, "."); data/vile-9.8u/glob.c:524:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/vile-9.8u/glob.c:528:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s, pattern, len)[len] = EOS; data/vile-9.8u/glob.c:539:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/vile-9.8u/glob.c:759:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) (strlen(pattern) + strlen(s) + 2) < NFILEN) { data/vile-9.8u/glob.c:759:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) (strlen(pattern) + strlen(s) + 2) < NFILEN) { data/vile-9.8u/glob.c:762:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j += (int) strlen(s) - 1; data/vile-9.8u/glob.c:819:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(temp, de->d_name, len); data/vile-9.8u/glob.c:1072:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(item))) { data/vile-9.8u/input.c:574:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void) term.getc(); data/vile-9.8u/input.c:1145:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (buf)->tb_used = strlen(str); data/vile-9.8u/lckfiles.c:43:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). l = read(fileno(fp), who, (size_t) (n - 1)); data/vile-9.8u/lckfiles.c:83:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(fileno(fp), who, strlen(who)); data/vile-9.8u/main.c:493:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *t = typeallocn(char, strlen(prog_arg) + 5); data/vile-9.8u/main.c:1335:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst = castalloc(char, strlen(src) + 1); data/vile-9.8u/main.c:2851:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(dest, src, destlen); data/vile-9.8u/main.c:2865:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srclen = (src != 0) ? (strlen(src) + 1) : 0; data/vile-9.8u/main.c:2874:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srclen = (src != 0) ? (strlen(src) + 1) : 0; data/vile-9.8u/main.c:2875:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t oldlen = strlen(dest); data/vile-9.8u/makeargv.c:71:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int maxargs = 2 + ((int) strlen(cmdline) + 2) / 2; data/vile-9.8u/makeargv.c:77:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((blob = typeallocn(char, strlen(cmdline) + 1)) == 0) data/vile-9.8u/map.c:268:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE2(("...addtomap %s\n", visible_buff(srv, strlen(srv), FALSE))); data/vile-9.8u/menu.c:604:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fallback[n]))) == FALSE) { data/vile-9.8u/menu.c:640:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = add_menu_entry(execstr, strlen(execstr)); data/vile-9.8u/menu.c:645:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = add_menu_entry(buffer, strlen(buffer)); data/vile-9.8u/mktbls.c:246:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(dest, src, destlen); data/vile-9.8u/mktbls.c:260:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srclen = (src != 0) ? (strlen(src) + 1) : 0; data/vile-9.8u/mktbls.c:269:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srclen = (src != 0) ? (strlen(src) + 1) : 0; data/vile-9.8u/mktbls.c:270:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t oldlen = strlen(dest); data/vile-9.8u/mktbls.c:345:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strcpy(Alloc(strlen(s) + 1), s); data/vile-9.8u/mktbls.c:467:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (dst + strlen(dst)); data/vile-9.8u/mktbls.c:502:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(buffer); data/vile-9.8u/mktbls.c:581:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (c = (int) strlen(input); c > 0 && isSpace(input[c - 1]); c--) data/vile-9.8u/mktbls.c:733:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *tmp = Alloc(4 + strlen(normal) + strlen(abbrev)); data/vile-9.8u/mktbls.c:733:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *tmp = Alloc(4 + strlen(normal) + strlen(abbrev)); data/vile-9.8u/mktbls.c:819:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). base = dst = Alloc(strlen(name) + 10); data/vile-9.8u/mktbls.c:839:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name) + 10; data/vile-9.8u/mktbls.c:844:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) + 1 + (size_t) (isboolean(*type) ? 4 : 0) > len) data/vile-9.8u/mktbls.c:876:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "/* %s */", p->Note); data/vile-9.8u/mktbls.c:884:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "/* TABLESIZE(%c_valnames) -- %s */\n", data/vile-9.8u/mktbls.c:908:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "%s%s", data/vile-9.8u/mktbls.c:937:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "%s,", data/vile-9.8u/mktbls.c:945:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "VALTYPE_%s,", c2TYPE(*vec[2])); data/vile-9.8u/mktbls.c:950:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "%s },", p->Data); data/vile-9.8u/mktbls.c:971:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(t_abbrev, ""); data/vile-9.8u/mktbls.c:1024:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "= \"%s\",", p->Name); data/vile-9.8u/mktbls.c:1144:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "&f_%s", p->Func); data/vile-9.8u/mktbls.c:1308:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(t_abbrev, ""); data/vile-9.8u/mktbls.c:1671:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "VALTYPE_%s,", c2TYPE(*type)); data/vile-9.8u/mktbls.c:1673:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "\"%s\" ),", p->Note); data/vile-9.8u/mktbls.c:1831:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. s = strcpy(temp, "\n"); data/vile-9.8u/mktbls.c:2088:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "%s,", p->Data); data/vile-9.8u/mktbls.c:2090:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Sprintf(temp + strlen(temp), "\"%s\"),", p->Note); data/vile-9.8u/mktbls.c:2277:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp, src, sizeof(temp) - 1); data/vile-9.8u/modes.c:173:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string += strlen(string); data/vile-9.8u/modes.c:175:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((code = choice_to_code(choices, temp, strlen(temp))) >= 0) { data/vile-9.8u/modes.c:290:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(ModeName(names->name)) data/vile-9.8u/modes.c:292:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(NonNull(string_val(names, values))); data/vile-9.8u/modes.c:673:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || (rp->reg = regcomp(rp->pat, strlen(rp->pat), magic)) == 0) data/vile-9.8u/modes.c:1099:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (choice_to_code(p, val, strlen(val)) == ENUM_ILLEGAL) { data/vile-9.8u/modes.c:1221:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(rp = respbuf) data/vile-9.8u/modes.c:1352:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nval = choice_to_code(fp, rp, strlen(rp)); data/vile-9.8u/modes.c:1503:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(rp); data/vile-9.8u/modes.c:1508:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(p->shortname); data/vile-9.8u/modes.c:1596:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(rp); data/vile-9.8u/modes.c:1600:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(p->shortname); data/vile-9.8u/modes.c:2177:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return choice_to_code(&fsm_hilite_blist, name, strlen(name)); data/vile-9.8u/modes.c:2186:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return choice_to_code(&fsm_xcolors_blist, name, strlen(name)); data/vile-9.8u/modes.c:2245:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reply, strlen(reply))); data/vile-9.8u/modes.c:2259:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(prompt, "+"); data/vile-9.8u/modes.c:2371:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(value); data/vile-9.8u/modes.c:2482:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (bp)->b_recordsep_len = (int) strlen(get_record_sep(bp)); data/vile-9.8u/modes.c:3001:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst = typeallocn(char, strlen(TheMajor) + strlen(name) + 3); data/vile-9.8u/modes.c:3001:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst = typeallocn(char, strlen(TheMajor) + strlen(name) + 3); data/vile-9.8u/modes.c:4234:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = typeallocn(char, 80 + strlen(group)); data/vile-9.8u/modes.c:5023:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *d = choice_to_code(fp, s, strlen(s)); data/vile-9.8u/ntwinio.c:678:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code = choice_to_code(fp, tstring, strlen(tstring)); data/vile-9.8u/ntwinio.c:4611:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(fmt1) + strlen(prognam); data/vile-9.8u/ntwinio.c:4611:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(fmt1) + strlen(prognam); data/vile-9.8u/ntwinio.c:4614:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(fmt2) + strlen(options[n]); data/vile-9.8u/ntwinio.c:4614:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(fmt2) + strlen(options[n]); data/vile-9.8u/ntwinio.c:4616:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(fmt3) + strlen(options[n]); data/vile-9.8u/ntwinio.c:4616:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(fmt3) + strlen(options[n]); data/vile-9.8u/ntwinio.c:4625:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/vile-9.8u/ntwinio.c:4627:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp, options[n], need); data/vile-9.8u/nullterm.c:41:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(temp); data/vile-9.8u/os2vio.c:553:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(title)) { data/vile-9.8u/os2vio.c:559:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(swcntrl.szSwtitle, title, MAXNAMEL); data/vile-9.8u/path.c:84:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dummy.d_name[strlen(dummy.d_name) - 1] = EOS; data/vile-9.8u/path.c:313:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). have = strlen(strcpy(dst, path)); data/vile-9.8u/path.c:314:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (have + strlen(leaf) + 2 < NFILEN) { data/vile-9.8u/path.c:325:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). have = strlen(strcpy(dst, path)); data/vile-9.8u/path.c:326:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (have + strlen(leaf) + 2 < NFILEN) { data/vile-9.8u/path.c:677:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path_name); data/vile-9.8u/path.c:713:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (size_t) (strlen(temp_name) + got + 1)) == 0) data/vile-9.8u/path.c:819:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(de->d_name); data/vile-9.8u/path.c:837:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(tnp + 1, de->d_name, namelen); data/vile-9.8u/path.c:854:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(temp_path) + 1; data/vile-9.8u/path.c:918:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(old_file); data/vile-9.8u/path.c:972:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sofar += strlen(sofar); data/vile-9.8u/path.c:1071:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sofar += strlen(sofar); data/vile-9.8u/path.c:1259:14: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(tt, "/"); data/vile-9.8u/path.c:1274:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(ss, ":"); data/vile-9.8u/path.c:1330:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(temp, "["); /* hoping for relative-path */ data/vile-9.8u/path.c:1340:15: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(temp, "-"); data/vile-9.8u/path.c:1342:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(temp, "]"); data/vile-9.8u/path.c:1350:15: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(temp, "-"); data/vile-9.8u/path.c:1354:15: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(temp, "-"); data/vile-9.8u/path.c:1356:14: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void) strcat(temp, "."); data/vile-9.8u/path.c:1521:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). my_fab.fab$b_dns = strlen(my_fab.fab$l_dna); data/vile-9.8u/path.c:1524:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). my_fab.fab$b_fns = strlen(path); data/vile-9.8u/path.c:1604:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(temp); data/vile-9.8u/path.c:1774:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ((*fn == SCRTCH_LEFT[0]) && (fn[strlen(fn) - 1] == SCRTCH_RIGHT[0])); data/vile-9.8u/path.c:1919:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(fname); data/vile-9.8u/path.c:2033:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(p); data/vile-9.8u/path.c:2044:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(s)) > 1 data/vile-9.8u/path.c:2151:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(find) + 2; data/vile-9.8u/path.c:2153:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(t); data/vile-9.8u/path.c:2191:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need = strlen(find) + 2; data/vile-9.8u/path.c:2193:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). need += strlen(t); data/vile-9.8u/path.c:2246:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_len = (int) strlen(path); data/vile-9.8u/path.c:2285:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((tmp = typeallocn(char, 6 + strlen(env))) != 0) { data/vile-9.8u/proto.h:168:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define str_columns(s) strlen(s) data/vile-9.8u/proto.h:1841:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extern int read (int fd, char *buffer, size_t size); data/vile-9.8u/random.c:1113:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cwd, "/"); data/vile-9.8u/random.c:1397:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(exdp, "~"); data/vile-9.8u/random.c:1401:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int end = strlen(exdp); data/vile-9.8u/random.c:1431:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cdpathdir); data/vile-9.8u/random.c:1538:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((np = castalloc(char, strlen(fname) + NFILEN)) == NULL) { data/vile-9.8u/random.c:1540:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp->b_fnlen = (int) strlen(bp->b_fname); data/vile-9.8u/random.c:1549:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(np) + 1; data/vile-9.8u/random.c:1564:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bp->b_fnlen = (int) strlen(bp->b_fname); data/vile-9.8u/random.c:1868:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirstack[dirs_idx] = castalloc(char, strlen(dir) + 1); data/vile-9.8u/random.c:1937:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirstack[dirs_idx - 1] = castalloc(char, strlen(oldcwd) + 1); data/vile-9.8u/random.c:1954:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirstack[uindx] = castalloc(char, strlen(oldcwd) + 1); data/vile-9.8u/regexp.c:501:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRSKIP(s) ((s) + strlen(s)) data/vile-9.8u/regexp.c:898:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE(("after regmassage: '%s'\n", visible_buff(exp, (int) strlen(exp), 0))); data/vile-9.8u/regexp.c:1341:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(char_classes[n].name); data/vile-9.8u/regexp.c:1889:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stringend = &string[strlen(string)]; data/vile-9.8u/regexp.c:2639:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void) strcpy(buf, ":"); data/vile-9.8u/regexp.c:2681:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, ","); data/vile-9.8u/regexp.c:2877:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst = castalloc(char, strlen(src) + 1); data/vile-9.8u/regexp.c:2965:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(fp); data/vile-9.8u/search.c:786:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || tb_bappend(apat, temp, strlen(temp)) == 0) { data/vile-9.8u/select.c:1984:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen((char *) lap); data/vile-9.8u/select.c:2089:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen((char *) (lp->l_attrs)); data/vile-9.8u/spawn.c:102:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((display_env = typeallocn(char, 20 + strlen(env))) != 0) { data/vile-9.8u/spawn.c:339:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(save, tb_values(*holds), len); data/vile-9.8u/spawn.c:988:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cdsc.dsc$w_length = strlen(cmd); data/vile-9.8u/spawn.c:1194:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, anchor, len); data/vile-9.8u/spawn.c:1242:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). shell_len = (int) strlen(buf); data/vile-9.8u/spawn.c:1280:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t toklen = strlen(token); data/vile-9.8u/statevar.c:176:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). regexp *exp = regcomp(vp, strlen(vp), TRUE); data/vile-9.8u/statevar.c:240:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return lrepl_ctype(type, vp, (int) strlen(vp)); data/vile-9.8u/statevar.c:254:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return lrepl_regex(rexp, vp, (int) strlen(vp)); data/vile-9.8u/statevar.c:1349:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vp) == 1) { data/vile-9.8u/statevar.c:1366:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vp) == 1) { data/vile-9.8u/statevar.c:1678:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int choice = choice_to_code(&fsm_cmd_encoding_blist, vp, strlen(vp)); data/vile-9.8u/statevar.c:1694:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int choice = choice_to_code(&fsm_kbd_encoding_blist, vp, strlen(vp)); data/vile-9.8u/statevar.c:1796:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int choice = choice_to_code(&fsm_title_encoding_blist, vp, strlen(vp)); data/vile-9.8u/tags.c:563:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namelen = strlen(name); data/vile-9.8u/tags.c:609:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((exp = regcomp(patrn, strlen(patrn), FALSE)) != NULL) { data/vile-9.8u/tags.c:961:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = (int) strlen(utp->u_templ); data/vile-9.8u/tbuff.c:332:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) tb_bappend(p, s, strlen(s)); data/vile-9.8u/tbuff.c:351:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tb_bappend(p, s, strlen(s)); data/vile-9.8u/tbuff.c:376:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return tb_bappend(&p, s, strlen(s)); data/vile-9.8u/tbuff.c:676:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value) + 1; data/vile-9.8u/tcap.c:242:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE(("tc_rawdata used %d of %d\n", strlen(tc_rawdata), sizeof(tc_rawdata))); data/vile-9.8u/tcap.h:141:27: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #define vl_strncpy(d,s,l) strncpy(d,s,l) data/vile-9.8u/termio.c:810:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = (int) read(0, &c, (size_t) 1); data/vile-9.8u/termio.c:900:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(0, &kbd_char, 1); data/vile-9.8u/termio.c:929:12: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return getchar(); data/vile-9.8u/termio.c:932:9: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/vile-9.8u/termio.c:983:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(0, &kbd_char, 1) == 1) data/vile-9.8u/trace.c:197:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BI_DATA *p = find_elapsed(txt + strlen(T_CALLED)); data/vile-9.8u/trace.c:461:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k += (unsigned) strlen(dst); data/vile-9.8u/trace.c:491:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k += (unsigned) strlen(dst); data/vile-9.8u/trace.c:536:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return visible_buff(s, (int) strlen(s), FALSE); data/vile-9.8u/trace.c:547:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return visible_buff(s, (int) strlen(s), TRUE); data/vile-9.8u/trace.c:576:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(result, ","); data/vile-9.8u/trace.c:581:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used += strlen(temp); data/vile-9.8u/version.c:153:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). version_string[strlen(version_string) - 1] = EOS; data/vile-9.8u/visvile/oleauto.cpp:151:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(szA) + 1; data/vile-9.8u/visvile/oleauto.cpp:557:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((scratch = (char *) malloc(strlen(cmd) + 2)) == NULL) data/vile-9.8u/vl_crypt.h:73:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dst, crypt(key, salt), (size_t) LEN_CRYPT); data/vile-9.8u/vl_stdio.h:42:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define vl_getc(fp) getc(fp) data/vile-9.8u/vms2unix.c:47:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zfab.fab$b_dns = strlen(zfab.fab$l_dna); data/vile-9.8u/vms2unix.c:50:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zfab.fab$b_fns = strlen(filename); data/vile-9.8u/vms2unix.c:192:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fab.fab$b_fns = strlen(filename); data/vile-9.8u/vms2unix.c:267:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = strlen(base); data/vile-9.8u/vms2unix.c:342:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(strcpy(d, leading)); data/vile-9.8u/vms2unix.c:382:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(strcpy(d, home)); data/vile-9.8u/vms2unix.c:471:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/vile-9.8u/vms2unix.c:482:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/vile-9.8u/vmspipe.c:199:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pre_command, strlen(pre_command), data/vile-9.8u/vmspipe.c:212:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 0, 0, 0, cmd, strlen(cmd), 0, 0, 0, 0))) { data/vile-9.8u/vmsvt.c:584:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addtosysmap(keyseqs[i].seq, strlen(keyseqs[i].seq), keyseqs[i].code); data/vile-9.8u/w32cmd.c:232:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int) strlen(cp); data/vile-9.8u/w32cmd.c:252:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = dir2 + strlen(dir2) + 1; data/vile-9.8u/w32cmd.c:272:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp) + 1; data/vile-9.8u/w32cmd.c:421:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(sys_filebuf, tmp_filebuf, strlen(filebuf) * sizeof(W32_CHAR)); data/vile-9.8u/w32cmd.c:991:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TextOut(hndl, x, y, buffer, (int) strlen(text)); data/vile-9.8u/w32cmd.c:994:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TextOut(hndl, x, y, text, (int) strlen(text)); data/vile-9.8u/w32cmd.c:1630:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((length = (int) strlen(str_rslts->face)) > LF_FACESIZE) data/vile-9.8u/w32cmd.c:2217:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (DWORD) strlen(value) + 1); data/vile-9.8u/w32misc.c:209:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(shell); data/vile-9.8u/w32misc.c:237:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alloc_len = (int) (strlen(cmd) + strlen(shell) + SHELL_C_LEN + 1); data/vile-9.8u/w32misc.c:237:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alloc_len = (int) (strlen(cmd) + strlen(shell) + SHELL_C_LEN + 1); data/vile-9.8u/w32misc.c:250:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alloc_len = (int) strlen(cmd) * 2; /* worst case -- every cmd byte quoted */ data/vile-9.8u/w32misc.c:252:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alloc_len += (int) strlen(shell) + SHELL_C_LEN; data/vile-9.8u/w32misc.c:390:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((cmdstr = typeallocn(char, strlen(cmd) + 1)) == NULL) { data/vile-9.8u/w32misc.c:566:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((cmdstr = typeallocn(char, strlen(cmd) + 1)) == NULL) { data/vile-9.8u/w32ole.cpp:266:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). target += strlen(target); data/vile-9.8u/w32ole.cpp:305:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE(("ConvertToAnsi %d->%d:%s\n", len, strlen(ansibuf), ansibuf)); data/vile-9.8u/w32ole.cpp:316:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(szA) + 1; data/vile-9.8u/w32ole.cpp:317:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE(("ConvertToUnicode %d:%s\n", strlen(szA), szA)); data/vile-9.8u/w32ole.cpp:686:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TRACE(("VileKeys %d bytes:\n%s\n", strlen(msg), msg)); data/vile-9.8u/w32reg.c:252:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(value + strlen(value), data/vile-9.8u/w32reg.c:258:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(value + strlen(value), data/vile-9.8u/word.c:451:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return any_wcs_width(value, (long) strlen(value)); data/vile-9.8u/wvwrap.cpp:94:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = strlen(source) + 1; data/vile-9.8u/wvwrap.cpp:127:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = strlen(source) + 1; data/vile-9.8u/wvwrap.cpp:209:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(szA) + 1; data/vile-9.8u/wvwrap.cpp:241:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = 4 * strlen(src) + 1; data/vile-9.8u/wvwrap.cpp:274:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t newsize = strlen(buffer) + strlen(value); data/vile-9.8u/wvwrap.cpp:274:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t newsize = strlen(buffer) + strlen(value); data/vile-9.8u/x11.c:1724:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = 3 + strlen(prefix) + strlen(filename) + strlen(suffix); data/vile-9.8u/x11.c:1724:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = 3 + strlen(prefix) + strlen(filename) + strlen(suffix); data/vile-9.8u/x11.c:1724:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = 3 + strlen(prefix) + strlen(filename) + strlen(suffix); data/vile-9.8u/x11.c:1944:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(param); data/vile-9.8u/x11.c:3436:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0, len = (int) strlen(s), acc = 0, numbers = digits = 0; data/vile-9.8u/x11.c:3741:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(text_list[n])); data/vile-9.8u/x11.c:5592:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Prop.nitems = strlen(x_icon_name); data/vile-9.8u/x11.c:5616:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Prop.nitems = strlen(x_window_name); data/vile-9.8u/x11.c:5879:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (unsigned) (5 + strlen(s)); data/vile-9.8u/x11.c:5891:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = s + strlen(s); data/vile-9.8u/x11.c:5897:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(t, s, (size_t) (end - s)); data/vile-9.8u/x11.c:5943:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = s + strlen(s); data/vile-9.8u/x11.c:5950:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(known_style[i].name) == (end - s) data/vile-9.8u/x11menu.c:99:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *str = XtMalloc((Cardinal) strlen(nom) + 10); data/vile-9.8u/x11plain.c:38:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || (newname = castalloc(char, strlen(win->fontname) + 32)) data/vile-9.8u/xterm.c:325:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check = vl_conv_to_utf32(&ch, string, strlen(string)); data/vile-9.8u/xtermkeys.h:204:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && length == (int) strlen(string) data/vile-9.8u/xtermkeys.h:227:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int) strlen(source); data/vile-9.8u/xtermkeys.h:303:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_fkey(temp, (int) strlen(temp), (int) (SPEC | j), pass); ANALYSIS SUMMARY: Hits = 1684 Lines analyzed = 154248 in approximately 3.62 seconds (42557 lines/second) Physical Source Lines of Code (SLOC) = 122346 Hits@level = [0] 118 [1] 475 [2] 797 [3] 73 [4] 333 [5] 6 Hits@level+ = [0+] 1802 [1+] 1684 [2+] 1209 [3+] 412 [4+] 339 [5+] 6 Hits/KSLOC@level+ = [0+] 14.7287 [1+] 13.7642 [2+] 9.88181 [3+] 3.3675 [4+] 2.77083 [5+] 0.0490412 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.