Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/xcircuit-3.9.73+dfsg.1/w32x11.c:398:2: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. strncat(buffer, "\\*", MAX_PATH); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:441:2: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
strncat(buffer, "\\*", MAX_PATH); data/xcircuit-3.9.73+dfsg.1/Xw/Button.c:269:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). newcbox->button.label = strcpy( data/xcircuit-3.9.73+dfsg.1/Xw/Button.c:549:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). aButton->button.label = strcpy( XtMalloc((unsigned) data/xcircuit-3.9.73+dfsg.1/Xw/Form.c:363:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). *name = strcpy (XtMalloc((unsigned) XwStrlen (*name) + 1), *name); data/xcircuit-3.9.73+dfsg.1/Xw/MenuBtn.c:951:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(XtMalloc((unsigned)(XwStrlen(mbutton->menubutton.accelerator)+1)), data/xcircuit-3.9.73+dfsg.1/Xw/MenuBtn.c:966:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(XtMalloc((unsigned)(XwStrlen(mbutton->menubutton.hint)+1)), data/xcircuit-3.9.73+dfsg.1/Xw/MenuBtn.c:1848:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(XtMalloc((unsigned) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:249:46: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). new->menu_mgr.postString = (String) strcpy (XtMalloc (XwStrlen data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:285:48: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). new->menu_mgr.selectString = (String) strcpy (XtMalloc (XwStrlen data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:316:48: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). new->menu_mgr.unpostString = (String) strcpy (XtMalloc (XwStrlen data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:354:51: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). new->menu_mgr.kbdSelectString = (String) strcpy (XtMalloc (XwStrlen data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:454:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (XtMalloc (XwStrlen (new->menu_mgr.postString) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:496:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (XtMalloc (XwStrlen (new->menu_mgr.selectString) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:540:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (XtMalloc (XwStrlen (new->menu_mgr.unpostString) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:587:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (XtMalloc (XwStrlen (new->menu_mgr.kbdSelectString) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuPane.c:327:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(XtMalloc(XwStrlen(new->menu_pane.title_string) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuPane.c:334:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(XtMalloc(XwStrlen(new->core.name) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuPane.c:366:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(XtMalloc(XwStrlen(new->menu_pane.attach_to) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuPane.c:441:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (XtMalloc (XwStrlen (new->menu_pane.title_string) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuPane.c:448:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (XtMalloc (XwStrlen (new->core.name) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/MenuPane.c:499:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (XtMalloc (XwStrlen (new->menu_pane.attach_to) + 1), data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:357:49: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). new->popup_mgr.postAccelerator = (String) strcpy (XtMalloc ( data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:485:55: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). new->popup_mgr.postAccelerator = (String) strcpy (XtMalloc ( data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:609:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, new->menu_mgr.selectString); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:610:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, selectTemplate); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:639:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, current->menu_mgr.unpostString); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:640:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (workTemplate, unpostTemplate); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:641:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, _XwMapToHex(NULL)); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:661:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, new->menu_mgr.unpostString); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:662:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, unpostTemplate); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:663:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, _XwMapToHex(new->core.self)); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:691:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, new->menu_mgr.kbdSelectString); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:692:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat (workTemplate, selectTemplate); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:1125:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, event); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:1126:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, template); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:1128:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, _XwMapToHex(menuMgrId->core.self)); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:1130:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workTemplate, _XwMapToHex(NULL)); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:3616:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workSpace, event); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:3617:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (workSpace, action); data/xcircuit-3.9.73+dfsg.1/Xw/SText.c:789:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(stp->output_string,stp->input_string); data/xcircuit-3.9.73+dfsg.1/Xw/SourceStr.c:314:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->buffer, data->initial_string); data/xcircuit-3.9.73+dfsg.1/cairo.c:1374:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(gs_cmd, data/xcircuit-3.9.73+dfsg.1/elements.c:683:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(libobjname, curlabel->string->nextpart->data.string); data/xcircuit-3.9.73+dfsg.1/elements.c:693:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curlabel->string->nextpart->data.string, libobj->name); data/xcircuit-3.9.73+dfsg.1/elements.c:713:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(libobj->name, curlabel->string->nextpart->data.string); data/xcircuit-3.9.73+dfsg.1/elements.c:720:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(libobj->name, curlabel->string->nextpart->data.string); data/xcircuit-3.9.73+dfsg.1/elements.c:924:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newpart->data.string, clientdata); data/xcircuit-3.9.73+dfsg.1/events.c:503:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xobjs.pagelist[page]->filename, pageobj->name); data/xcircuit-3.9.73+dfsg.1/events.c:2792:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s, %s in", fstr1, fstr2); data/xcircuit-3.9.73+dfsg.1/events.c:2798:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sptr, " (%s x %s in)", fstr1, fstr2); data/xcircuit-3.9.73+dfsg.1/events.c:2801:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sptr, " (length %s in)", fstr1); data/xcircuit-3.9.73+dfsg.1/events.c:4446:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(editstr, ((ispage = is_page(curobject)) >= 0) ? "Editing: " : ""); data/xcircuit-3.9.73+dfsg.1/events.c:4447:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(editstr, (is_library(curobject) >= 0) ? "Library: " : ""); data/xcircuit-3.9.73+dfsg.1/events.c:4464:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpname, curobject->name); data/xcircuit-3.9.73+dfsg.1/events.c:4520:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(pptr, "::_%s", (*libobj)->name); data/xcircuit-3.9.73+dfsg.1/events.c:4528:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pptr, "%s", (*libobj)->name); data/xcircuit-3.9.73+dfsg.1/events.c:4529:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pptr + offset, "_%s", (*libobj)->name + offset); data/xcircuit-3.9.73+dfsg.1/events.c:4547:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pptr, "_%s", sref->alias); data/xcircuit-3.9.73+dfsg.1/events.c:4914:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*newobj)->name, name); data/xcircuit-3.9.73+dfsg.1/filelist.c:211:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(retstr, tpos); data/xcircuit-3.9.73+dfsg.1/filelist.c:218:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(retstr + slen, " (%s)", tpos); data/xcircuit-3.9.73+dfsg.1/filelist.c:267:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s/%s", xobjs.tempdir, dp->d_name); data/xcircuit-3.9.73+dfsg.1/filelist.c:296:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, _STR); data/xcircuit-3.9.73+dfsg.1/filelist.c:313:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, ".query.title.field configure -text " data/xcircuit-3.9.73+dfsg.1/filelist.c:444:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s%s", cwdname, dp->d_name); data/xcircuit-3.9.73+dfsg.1/filelist.c:461:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(files[flfiles].filename, dp->d_name); data/xcircuit-3.9.73+dfsg.1/filelist.c:551:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, ".filelist.textent.txt insert 0 %s", cwdname); data/xcircuit-3.9.73+dfsg.1/filelist.c:631:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tbuf, ebuf); data/xcircuit-3.9.73+dfsg.1/filelist.c:643:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tbuf, cwdname); data/xcircuit-3.9.73+dfsg.1/filelist.c:647:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tbuf, files[filenum].filename); data/xcircuit-3.9.73+dfsg.1/filelist.c:650:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, ".filelist.textent.txt insert 0 %s", tbuf); data/xcircuit-3.9.73+dfsg.1/filelist.c:679:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(cwdname, files[filenum].filename); data/xcircuit-3.9.73+dfsg.1/filelist.c:893:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cwdname, lstring); data/xcircuit-3.9.73+dfsg.1/files.c:710:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s ", epp->key); data/xcircuit-3.9.73+dfsg.1/files.c:753:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s ", epp->key); data/xcircuit-3.9.73+dfsg.1/files.c:783:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s ", epp->key); data/xcircuit-3.9.73+dfsg.1/files.c:853:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(promptstr, "Recover file \'%s\'?", (cfile == NULL) ? "(unknown)" : cfile); data/xcircuit-3.9.73+dfsg.1/files.c:859:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(promptstr, "Select file to %s:", loadmodes[idx].prompt); data/xcircuit-3.9.73+dfsg.1/files.c:895:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(expanded, username); data/xcircuit-3.9.73+dfsg.1/files.c:896:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(expanded, sptr); data/xcircuit-3.9.73+dfsg.1/files.c:935:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(expanded, filename); data/xcircuit-3.9.73+dfsg.1/files.c:936:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(expanded, varsub); data/xcircuit-3.9.73+dfsg.1/files.c:938:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(expanded, sptr); data/xcircuit-3.9.73+dfsg.1/files.c:966:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inname, expname); data/xcircuit-3.9.73+dfsg.1/files.c:970:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inname, sptr); data/xcircuit-3.9.73+dfsg.1/files.c:976:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iptr, expname); data/xcircuit-3.9.73+dfsg.1/files.c:994:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iptr, expname); data/xcircuit-3.9.73+dfsg.1/files.c:1017:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(slptr + 1, "%s", cptr + 1); data/xcircuit-3.9.73+dfsg.1/files.c:1213:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inname, expname); data/xcircuit-3.9.73+dfsg.1/files.c:1217:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inname, sptr); data/xcircuit-3.9.73+dfsg.1/files.c:1223:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iptr, expname); data/xcircuit-3.9.73+dfsg.1/files.c:1236:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iptr, expname); data/xcircuit-3.9.73+dfsg.1/files.c:1254:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s/%s", tmp_s, expname); data/xcircuit-3.9.73+dfsg.1/files.c:1257:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s/%s%s", tmp_s, expname, suffix); data/xcircuit-3.9.73+dfsg.1/files.c:1265:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s/%s", BUILTINS_DIR, expname); data/xcircuit-3.9.73+dfsg.1/files.c:1268:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(inname, "%s/%s%s", BUILTINS_DIR, expname, suffix); data/xcircuit-3.9.73+dfsg.1/files.c:1307:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fullname, "::%s", objname); data/xcircuit-3.9.73+dfsg.1/files.c:1309:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fullname, "%s::%s", defaulttech->technology, objname); data/xcircuit-3.9.73+dfsg.1/files.c:1373:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(&temp[s], "%s", keyword); data/xcircuit-3.9.73+dfsg.1/files.c:1413:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(tptr, "%s", keyword); data/xcircuit-3.9.73+dfsg.1/files.c:1418:16: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(tptr, "%s", keyword) != 1) break; data/xcircuit-3.9.73+dfsg.1/files.c:1725:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(temp, "fonts/%s", _STR); data/xcircuit-3.9.73+dfsg.1/files.c:2093:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(topobject->name, "%s", pdchar + 1); data/xcircuit-3.9.73+dfsg.1/files.c:2095:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(topobject->name, "%s", _STR); data/xcircuit-3.9.73+dfsg.1/files.c:2139:12: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(temp, "%*c%*s %s", inname); data/xcircuit-3.9.73+dfsg.1/files.c:2353:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, temp); data/xcircuit-3.9.73+dfsg.1/files.c:2781:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newpart->data.string, key); data/xcircuit-3.9.73+dfsg.1/files.c:2868:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newops->key, paramkey); data/xcircuit-3.9.73+dfsg.1/files.c:3327:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fullname, "::%s", name); data/xcircuit-3.9.73+dfsg.1/files.c:3329:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fullname, "%s::%s", defaulttech->technology, name); data/xcircuit-3.9.73+dfsg.1/files.c:3370:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((*newobject)->name, "%s", fullname); data/xcircuit-3.9.73+dfsg.1/files.c:5020:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(template, "%s/XC%d.XXXXXX", xobjs.tempdir, pid); data/xcircuit-3.9.73+dfsg.1/files.c:5023:15: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). fd = mktemp(template); data/xcircuit-3.9.73+dfsg.1/files.c:5131:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outfile, outname); data/xcircuit-3.9.73+dfsg.1/files.c:5505:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s~", fname); data/xcircuit-3.9.73+dfsg.1/files.c:5510:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%sB", xobjs.tempfile); data/xcircuit-3.9.73+dfsg.1/files.c:5521:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s.ps", fname); data/xcircuit-3.9.73+dfsg.1/files.c:5522:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf(outname, "%s", fname); data/xcircuit-3.9.73+dfsg.1/files.c:5629:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s/%s", tmp_s, PROLOGUE_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5636:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s/%s", PROLOGUE_DIR, PROLOGUE_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5639:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s", PROLOGUE_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5665:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(prologue, "%s/%s", PROLOGUE_DIR, CYRILLIC_ENC_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5668:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s", CYRILLIC_ENC_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5685:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s/%s", PROLOGUE_DIR, ISOLATIN2_ENC_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5688:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s", ISOLATIN2_ENC_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5705:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s/%s", PROLOGUE_DIR, ISOLATIN5_ENC_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5708:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prologue, "%s", ISOLATIN5_ENC_FILE); data/xcircuit-3.9.73+dfsg.1/files.c:5925:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%sB", xobjs.tempfile); data/xcircuit-3.9.73+dfsg.1/files.c:5930:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outname, "%s~", fname); data/xcircuit-3.9.73+dfsg.1/files.c:5946:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tstr, "%4.3f %4.3f %4.3f %s", data/xcircuit-3.9.73+dfsg.1/files.c:5963:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tstr, "0 0 0 %s", postfix); data/xcircuit-3.9.73+dfsg.1/files.c:6112:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR, "%s ", validname); data/xcircuit-3.9.73+dfsg.1/files.c:6168:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "{/%s cf} ", fonts[chrptr->data.font].psname); data/xcircuit-3.9.73+dfsg.1/files.c:6170:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "{/%s %5.3f cf} ", fonts[chrptr->data.font].psname, data/xcircuit-3.9.73+dfsg.1/files.c:6183:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "{/%s %5.3f cf} ", fonts[*lastfont].psname, *lastscale); data/xcircuit-3.9.73+dfsg.1/files.c:6207:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(retstr, _STR); data/xcircuit-3.9.73+dfsg.1/files.c:6529:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s scb\n", epp->key); data/xcircuit-3.9.73+dfsg.1/fontfile.c:70:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "fonts/%s", fontname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:124:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(psname, fontname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:205:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(psname, tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:224:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(family, tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:262:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(psname2, tempname); data/xcircuit-3.9.73+dfsg.1/formats.c:71:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s.lgf", _STR); data/xcircuit-3.9.73+dfsg.1/formats.c:74:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s.lfo", _STR); data/xcircuit-3.9.73+dfsg.1/formats.c:93:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, LGF_LIB); data/xcircuit-3.9.73+dfsg.1/formats.c:135:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xobjs.pagelist[areawin->page]->filename, inname); data/xcircuit-3.9.73+dfsg.1/formats.c:140:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(topobject->name, "%s", pdchar + 1); data/xcircuit-3.9.73+dfsg.1/formats.c:142:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(topobject->name, "%s", inname); data/xcircuit-3.9.73+dfsg.1/formats.c:194:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(signals[i], "%s", tmpstring); data/xcircuit-3.9.73+dfsg.1/formats.c:244:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strptr->data.string, tstrp); data/xcircuit-3.9.73+dfsg.1/formats.c:365:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpstring, lineptr); data/xcircuit-3.9.73+dfsg.1/formats.c:437:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strptr->data.string, signals[k]); data/xcircuit-3.9.73+dfsg.1/formats.c:549:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s.ps", _STR); data/xcircuit-3.9.73+dfsg.1/formats.c:552:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(inname, "%s.eps", _STR); data/xcircuit-3.9.73+dfsg.1/formats.c:564:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(topobject->name, "%s", _STR); data/xcircuit-3.9.73+dfsg.1/functions.c:2958:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s", xobjs.pagelist[areawin->page]->filename); data/xcircuit-3.9.73+dfsg.1/functions.c:2960:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s", data/xcircuit-3.9.73+dfsg.1/functions.c:2967:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(extend, dotptr); data/xcircuit-3.9.73+dfsg.1/graphic.c:343:16: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nr = fscanf(fg, " %s", buf); data/xcircuit-3.9.73+dfsg.1/graphic.c:346:11: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(buf, "%s", id) <= 0) data/xcircuit-3.9.73+dfsg.1/graphic.c:355:16: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nr = fscanf(fg, " %s", buf); data/xcircuit-3.9.73+dfsg.1/graphic.c:367:16: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nr = fscanf(fg, " %s", buf); data/xcircuit-3.9.73+dfsg.1/graphic.c:379:16: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nr = fscanf(fg, " %s", buf); data/xcircuit-3.9.73+dfsg.1/keybindings.c:340:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(retstr, tmpstr); data/xcircuit-3.9.73+dfsg.1/keybindings.c:375:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(retstr, tmpstr); data/xcircuit-3.9.73+dfsg.1/keybindings.c:445:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(kptr, str); data/xcircuit-3.9.73+dfsg.1/keybindings.c:479:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, tstr); data/xcircuit-3.9.73+dfsg.1/keybindings.c:481:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, func_to_string(XCF_Edit_Delete)); data/xcircuit-3.9.73+dfsg.1/keybindings.c:486:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, tstr); data/xcircuit-3.9.73+dfsg.1/keybindings.c:488:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, func_to_string(XCF_Edit_Insert)); data/xcircuit-3.9.73+dfsg.1/keybindings.c:493:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, tstr); data/xcircuit-3.9.73+dfsg.1/keybindings.c:495:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(_STR2, func_to_string(XCF_Edit_Param)); data/xcircuit-3.9.73+dfsg.1/keybindings.c:500:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, tstr); data/xcircuit-3.9.73+dfsg.1/keybindings.c:502:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, func_to_string(XCF_Edit_Next)); data/xcircuit-3.9.73+dfsg.1/libraries.c:650:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strptr->data.string, libobj->name); data/xcircuit-3.9.73+dfsg.1/libraries.c:1432:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((*newobj)->name, "_%s", oldobj->name); data/xcircuit-3.9.73+dfsg.1/libraries.c:1434:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*newobj)->name, oldobj->name); data/xcircuit-3.9.73+dfsg.1/libraries.c:1435:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((*newobj)->name + (cptr - oldobj->name) + 2, "_%s", cptr + 2); data/xcircuit-3.9.73+dfsg.1/menucalls.c:798:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "xcircuit::newlibrarybutton \"%s\"", newlibobj->name); data/xcircuit-3.9.73+dfsg.1/menucalls.c:843:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(pname, "xcircuit::renamepage %d {%s}", pagenumber + 1, plabel); data/xcircuit-3.9.73+dfsg.1/menucalls.c:857:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "xcircuit::renamelib %d \"%s\"", libnumber - LIBRARY + 1, data/xcircuit-3.9.73+dfsg.1/menucalls.c:1237:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, (calldata != NULL) ? (char *)calldata : "substring"); data/xcircuit-3.9.73+dfsg.1/netlist.c:310:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(*hierstr + hierlen, "%s%s(%s)", data/xcircuit-3.9.73+dfsg.1/netlist.c:314:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(*hierstr + hierlen, "%s%s%s", data/xcircuit-3.9.73+dfsg.1/netlist.c:1791:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strptr->data.string, pinstring); data/xcircuit-3.9.73+dfsg.1/netlist.c:3084:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newtext, "%s%s", prefix, snew); data/xcircuit-3.9.73+dfsg.1/netlist.c:3793:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sout + strlen(sout), "%s", b36str); data/xcircuit-3.9.73+dfsg.1/netlist.c:3799:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(sout, cschem->name); data/xcircuit-3.9.73+dfsg.1/netlist.c:3809:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sout, sptr); data/xcircuit-3.9.73+dfsg.1/netlist.c:3887:18: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sptr, _STR); data/xcircuit-3.9.73+dfsg.1/netlist.c:3956:18: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sout, snew); data/xcircuit-3.9.73+dfsg.1/netlist.c:4004:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(sout, snew); data/xcircuit-3.9.73+dfsg.1/netlist.c:4049:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sout + k, "%s", b36str); data/xcircuit-3.9.73+dfsg.1/netlist.c:4063:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(optr->data.string, sout + k); data/xcircuit-3.9.73+dfsg.1/netlist.c:4085:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sout + k, "%s", b36str); data/xcircuit-3.9.73+dfsg.1/netlist.c:4358:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR, "%s_%u", calls->callobj->name, data/xcircuit-3.9.73+dfsg.1/netlist.c:4362:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newprefix, "%s%s/", prefix, _STR); data/xcircuit-3.9.73+dfsg.1/netlist.c:4395:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(locmode, mode); data/xcircuit-3.9.73+dfsg.1/netlist.c:4566:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(optr->data.string, "%s", stmp); data/xcircuit-3.9.73+dfsg.1/netlist.c:4700:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(locmode, mode); data/xcircuit-3.9.73+dfsg.1/netlist.c:5470:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s.%s", cschem->name, suffix); data/xcircuit-3.9.73+dfsg.1/netlist.c:5720:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s_%s", calls->devname, d36a(devindex(cschem, calls))); data/xcircuit-3.9.73+dfsg.1/netlist.c:5723:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(sout, "%s", _STR); /* Copy the first word out of sout */ data/xcircuit-3.9.73+dfsg.1/netlist.c:5727:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(newprefix, "%s%s/", prefix, _STR); data/xcircuit-3.9.73+dfsg.1/netlist.c:5773:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmppinname, newprefix); data/xcircuit-3.9.73+dfsg.1/netlist.c:5775:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmppinname, lhs); data/xcircuit-3.9.73+dfsg.1/netlist.c:5949:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpstr->string->data.string, newprefix); data/xcircuit-3.9.73+dfsg.1/netlist.c:5953:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpstr->string->data.string, snew); data/xcircuit-3.9.73+dfsg.1/netlist.c:6001:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, snew); data/xcircuit-3.9.73+dfsg.1/ngspice.c:189:10: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(SPICE_EXEC, "ngspice", "-p", (char *)NULL); data/xcircuit-3.9.73+dfsg.1/ngspice.c:492:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR2, "source %s.spc", topobject->name); data/xcircuit-3.9.73+dfsg.1/ngspice.c:603:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "print %s", msg); data/xcircuit-3.9.73+dfsg.1/ngspice.c:614:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "print %s[%d]", msg, (int)(refval - 1)); data/xcircuit-3.9.73+dfsg.1/ngspice.c:616:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "print %s", msg); data/xcircuit-3.9.73+dfsg.1/ngspice.c:619:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "print %s", msg); data/xcircuit-3.9.73+dfsg.1/parameter.c:139:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newops->key, key); data/xcircuit-3.9.73+dfsg.1/parameter.c:154:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newepp->key, key); data/xcircuit-3.9.73+dfsg.1/parameter.c:1505:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(stkey, getnumericalpkey(which)); data/xcircuit-3.9.73+dfsg.1/parameter.c:1509:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(stkey, "%s%d", getnumericalpkey(which), pidx); data/xcircuit-3.9.73+dfsg.1/parameter.c:1685:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_key, getnumericalpkey(mode)); data/xcircuit-3.9.73+dfsg.1/parameter.c:1689:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(new_key, "%s%d", getnumericalpkey(mode), pidx); data/xcircuit-3.9.73+dfsg.1/parameter.c:2107:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sptr, "%d = %s = <%s", nparms, ops->key, newstr); data/xcircuit-3.9.73+dfsg.1/parameter.c:2210:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(begpart->data.string, newkey); data/xcircuit-3.9.73+dfsg.1/pp.c:104:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer2, c + strlen(p->pattern) + 1); data/xcircuit-3.9.73+dfsg.1/pp.c:105:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, buffer2); data/xcircuit-3.9.73+dfsg.1/pp.c:112:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer2, buffer); data/xcircuit-3.9.73+dfsg.1/pp.c:113:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(buffer2, p->string); data/xcircuit-3.9.73+dfsg.1/pp.c:114:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buffer2, c + strlen(p->pattern)); data/xcircuit-3.9.73+dfsg.1/pp.c:115:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer, buffer2); data/xcircuit-3.9.73+dfsg.1/python.c:138:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s()\n", functionptr); data/xcircuit-3.9.73+dfsg.1/python.c:140:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s('%s')\n", functionptr, _STR2); data/xcircuit-3.9.73+dfsg.1/python.c:922:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, filename); data/xcircuit-3.9.73+dfsg.1/python.c:1566:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, libname); data/xcircuit-3.9.73+dfsg.1/python.c:1633:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(funcname, "%s %d", func_to_string(ksearch->function), data/xcircuit-3.9.73+dfsg.1/python.c:1665:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR2, "keydict[%d] = %s\n", keywstate, function); data/xcircuit-3.9.73+dfsg.1/python.c:1777:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "buttondict[%ld] = %s\n", (long int)newbutton, pfunction); data/xcircuit-3.9.73+dfsg.1/python.c:1842:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "tooldict[%ld] = %s\n", (long int)newtool, pfunction); data/xcircuit-3.9.73+dfsg.1/python.c:2005:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", tmp_s, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/python.c:2008:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", SCRIPTS_DIR, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/python.c:2051:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s", USER_RC_FILE); /* Name imported from Makefile */ data/xcircuit-3.9.73+dfsg.1/python.c:2058:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", userdir, USER_RC_FILE); data/xcircuit-3.9.73+dfsg.1/rcfile.c:420:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", tmp_s, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/rcfile.c:423:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", SCRIPTS_DIR, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/rcfile.c:457:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR2, "%s", USER_RC_FILE); /* Name imported from Makefile */ data/xcircuit-3.9.73+dfsg.1/rcfile.c:464:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", userdir, USER_RC_FILE); data/xcircuit-3.9.73+dfsg.1/render.c:110:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR, "%s %d %d", "Color", (int)FOREGROUND, (int)BACKGROUND); data/xcircuit-3.9.73+dfsg.1/render.c:307:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(env_str1, "DISPLAY=%s", XDisplayString(dpy)); data/xcircuit-3.9.73+dfsg.1/render.c:362:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(env_str1, "DISPLAY=%s", XDisplayString(dpy)); data/xcircuit-3.9.73+dfsg.1/render.c:372:10: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(GS_EXEC, "gs", "-dNOPAUSE", "-", (char *)NULL); data/xcircuit-3.9.73+dfsg.1/render.c:496:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file_in, "@%s/XXXXXX", xobjs.tempdir); data/xcircuit-3.9.73+dfsg.1/render.c:499:10: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). tfd = mktemp(file_in + 1); data/xcircuit-3.9.73+dfsg.1/render.c:567:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xobjs.pagelist[areawin->page]->background.name, gsfile); data/xcircuit-3.9.73+dfsg.1/render.c:621:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR, "(%s) run\n", bgfile); data/xcircuit-3.9.73+dfsg.1/schema.c:197:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(thispageobj->name, "%s:2", thispageobj->name); data/xcircuit-3.9.73+dfsg.1/schema.c:315:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "Network is \"%s\" in %s", snew, nettop->name); data/xcircuit-3.9.73+dfsg.1/schema.c:328:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sptr, "%s ", snew); data/xcircuit-3.9.73+dfsg.1/schema.c:332:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sptr, "in %s", nettop->name); data/xcircuit-3.9.73+dfsg.1/schema.c:923:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(topobject->name, canonname); data/xcircuit-3.9.73+dfsg.1/schema.c:1146:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(schemobj->name, GetCanonicalName(symbolobj->name)); data/xcircuit-3.9.73+dfsg.1/spiceparser/names.c:41:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(b->str,str); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:615:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
else fprintf(file,err); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:620:12: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else fprintf(file,err); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:37:19: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define Fprintf fprintf data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:103:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pc->str,str); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:421:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(scktp->name,name); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:73:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bp,"line %i: %s: near %s : ",line,warnerr,c->str); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:74:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf(bp,"line %i: %s: :",line,warnerr); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:81:18: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if(c->val!=NULL)sprintf(bp,"%s=%s ",c->str,c->val); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:82:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
else sprintf(bp,"%s ",c->str); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:85:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bp,"\n --> %s",fmt); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:115:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr,fmt,vp); data/xcircuit-3.9.73+dfsg.1/spiceparser/xcircspice.c:13:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf tcl_printf data/xcircuit-3.9.73+dfsg.1/svg.c:244:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outname, img->filename); data/xcircuit-3.9.73+dfsg.1/svg.c:252:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp("convert", "convert", fname, outname, NULL); data/xcircuit-3.9.73+dfsg.1/svg.c:286:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outname, img->filename); data/xcircuit-3.9.73+dfsg.1/svg.c:1136:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s", Tcl_GetString(objv[1])); data/xcircuit-3.9.73+dfsg.1/svg.c:1139:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(filename, "%s", xobjs.pagelist[areawin->page]->filename); data/xcircuit-3.9.73+dfsg.1/svg.c:1141:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s", xobjs.pagelist[areawin->page]->pageinst->thisobject->name); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:162:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (outstr + 19, (f == stderr) ? "err \"" : "out \""); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:170:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nchars = vsnprintf(outptr + 24, 102, fmt, args); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:178:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(outptr + 24, nchars + 2, fmt, args); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:229:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(stdptr, (f == stderr) ? "err" : "out"); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:246:6: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(f, format, ap); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:303:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(substcmd, postcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:333:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:336:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd + (int)(sptr - substcmd), sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:339:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd + (int)(sptr - substcmd), tkpath); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:340:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcmd, sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:353:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:354:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newcmd + (int)(sptr - substcmd), "\"%s\"", sres); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:355:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(newcmd, sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:364:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:366:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcmd, sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:379:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:380:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd + (int)(sptr - substcmd), data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:382:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcmd, sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:390:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:391:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(newcmd + (int)(sptr - substcmd), sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:404:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:407:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcmd, Tcl_GetString(objv[i])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:412:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcmd, sptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:420:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd, substcmd); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:421:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcmd + (int)(sptr - substcmd), sptr + 1); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:854:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newpart->data.string, Tcl_GetString(tobj)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:1527:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(mode, "%s%s", option, Tcl_GetString(objv[2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3879:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(thisinst->thisobject->name, "%s", Tcl_GetString(objv[nidx + 2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4399:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[nidx + 2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:5871:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6616:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[3])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6640:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[3])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6722:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6872:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(_STR2, Tcl_GetString(objv[2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7045:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s.ps", curpage->filename); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7046:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf(_STR2, "%s", curpage->filename); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7156:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, suffix); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7159:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, tinst->thisobject->name); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7161:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, filename); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7359:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s", Tcl_GetString(objv[2 + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7385:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, argv); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7445:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR2, "%s", Tcl_GetString(objv[3 + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7448:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(_STR2, Tcl_GetString(objv[i + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7462:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s", Tcl_GetString(objv[3 + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7475:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, ASG_SPICE_LIB); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7484:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(_STR2, Tcl_GetString(objv[3 + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7512:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curpage->pageinst->thisobject->name, data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7737:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[2 + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7897:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, Tcl_GetString(objv[2 + nidx])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7943:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(astr, "%s.ps", newstr); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8247:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (!usertech) strcpy(libobj->name, technology); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8270:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (!usertech) strcpy(libobj->name, technology); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8511:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR, filename); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8623:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xobjs.libtop[libnum]->thisobject->name, Tcl_GetString(objv[2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8942:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", tmp_s, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8945:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", SCRIPTS_DIR, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8947:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(_STR2, "%s/tcl/%s", SCRIPTS_DIR, STARTUP_FILE); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9089:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newexpr, exprptr); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9091:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newexpr, promoted); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9093:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newexpr, pkey); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9249:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s-%g", USER_RC_FILE, PROG_VERSION); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9254:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s-%g", userdir, USER_RC_FILE, PROG_VERSION); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9257:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s", USER_RC_FILE); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9261:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(_STR2, "%s/%s", userdir, USER_RC_FILE); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9846:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(winpath, "%s.mainframe.mainarea.drawing", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9861:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(winpath, "%s.mainframe.mainarea.sbleft", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9863:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(winpath, "%s.mainframe.mainarea.sbbottom", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9865:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(winpath, "%s.mainframe.mainarea.drawing", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9868:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(winpath, "%s.mainframe.mainarea.corner", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9871:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(winpath, "%s.infobar.symb", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9874:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(winpath, "%s.infobar.schem", xctopwin); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10130:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(_STR2, filearg); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10172:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
  sprintf(tstr, "catch {xcircuit::print %s {", window);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10176:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  n = vsnprintf(tstr + size, 128 - size, format, args);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10183:10: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(bigstr + size, n + 1, format, args);
data/xcircuit-3.9.73+dfsg.1/text.c:353:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(firststr->data.string, nextstr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:593:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sout, "Font=%s", (strptr->data.font >= fontcount) ?
data/xcircuit-3.9.73+dfsg.1/text.c:603:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sout, "Parameter(%s)<", strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:606:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sout, nonprint[strptr->type]);
data/xcircuit-3.9.73+dfsg.1/text.c:660:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(sout, _STR);
data/xcircuit-3.9.73+dfsg.1/text.c:688:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(sout, _STR);
data/xcircuit-3.9.73+dfsg.1/text.c:735:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(substr + (int)(busptr - newstr), "%d%s", subnet, endptr);
data/xcircuit-3.9.73+dfsg.1/text.c:744:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(substr, newstr);
data/xcircuit-3.9.73+dfsg.1/text.c:774:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(newstr, "%s%d", prefix, sublist->net.id);
data/xcircuit-3.9.73+dfsg.1/text.c:779:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(newstr, "%s%d%c", prefix, sbus->netid, areawin->buschar);
data/xcircuit-3.9.73+dfsg.1/text.c:1272:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newpart->data.string, strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:1299:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newpart->data.string, strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:1349:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newpart->data.string, strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/tkwin32.h:28:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/xcircuit-3.9.73+dfsg.1/tkwin32.h:28:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/xcircuit-3.9.73+dfsg.1/tkwin32.h:32:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/xcircuit-3.9.73+dfsg.1/w32x11.c:230:6: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int system;
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:21:4: [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(buffer, wargv[i]);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:320:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*promptstr, thisobj->name);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:341:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(*promptstr, fname);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1256:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(objPtr->bytes, buffer);
data/xcircuit-3.9.73+dfsg.1/xcircuit.h:75:19: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define Fprintf fprintf
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:24:21: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define W32DEBUG(x) printf##x
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1091:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_STR2, ofn.lpstrFile);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3037:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[0], "%s", curpage->filename);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3038:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[1], "%s", topobject->name);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3042:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[5], "%s", (curpage->orient == 0) ? "Portrait" : "Landscape");
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3043:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[6], "%s", (curpage->pmode & 1) ? "Full page" : "Embedded (EPS)");
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3070:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(request, edit[0]);
data/xcircuit-3.9.73+dfsg.1/xcwin32.h:562:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/xcircuit-3.9.73+dfsg.1/xcwin32.h:562:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/xcircuit-3.9.73+dfsg.1/xcwin32.h:563:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/xcircuit-3.9.73+dfsg.1/xcwrap.c:174:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command + 10, "%s", xc_commands[cmdidx].cmdstr);
data/xcircuit-3.9.73+dfsg.1/xcwrap.c:188:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "lappend auto_path %s", tmp_s);
data/xcircuit-3.9.73+dfsg.1/xcwrap.c:191:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command, "lappend auto_path %s/tcl", tmp_s);
data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:606:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fpedit, "%3.2f x %3.2f %s",
data/xcircuit-3.9.73+dfsg.1/xtgui.c:282:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(popupname, "popup%s", menuname);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:729:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(blabel, "%s.ps", xobjs.pagelist[areawin->page]->filename);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:730:12: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf(blabel, "%s", xobjs.pagelist[areawin->page]->filename);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1023:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[0], "%s", curpage->filename);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1026:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[1], "%s", topobject->name);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1032:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[5], "%s", (curpage->orient == 0) ? "Portrait" : "Landscape");
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1033:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(edit[6], "%s", (curpage->pmode & 1)
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1061:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(outname, "%s.ps", edit[0]);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1062:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf(outname, "%s", edit[0]);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1344:13: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  nchars = vsnprintf(outptr, 127, fmt, args);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1352:7: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(outptr, nchars + 2, fmt, args);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:2077:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(_STR2, argv[(k == 1) ? 2 : 1]);
data/xcircuit-3.9.73+dfsg.1/files.c:880:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  username = getenv("HOME");
data/xcircuit-3.9.73+dfsg.1/files.c:927:24: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  varsub = (char *)getenv((const char *)(varpos + 1));
data/xcircuit-3.9.73+dfsg.1/files.c:1251:21: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *tmp_s = getenv((const char *)"XCIRCUIT_LIB_DIR");
data/xcircuit-3.9.73+dfsg.1/files.c:5186:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  uname = getenv((const char *)"USERNAME");
data/xcircuit-3.9.73+dfsg.1/files.c:5188:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  uname = getenv((const char *)"USER");
data/xcircuit-3.9.73+dfsg.1/files.c:5195:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((hostname = getenv((const char *)"HOSTNAME")) == NULL)
data/xcircuit-3.9.73+dfsg.1/files.c:5196:23: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((hostname = getenv((const char *)"HOST")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/files.c:5627:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp_s = getenv((const char *)"XCIRCUIT_LIB_DIR");
data/xcircuit-3.9.73+dfsg.1/ngspice.c:144:8: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL,
data/xcircuit-3.9.73+dfsg.1/ngspice.c:144:8: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL,
data/xcircuit-3.9.73+dfsg.1/python.c:2000:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *tmp_s = getenv((const char *)"XCIRCUIT_SRC_DIR");
data/xcircuit-3.9.73+dfsg.1/python.c:2043:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *userdir = getenv((const char *)"HOME");
data/xcircuit-3.9.73+dfsg.1/rcfile.c:417:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *tmp_s = getenv((const char *)"XCIRCUIT_SRC_DIR");
data/xcircuit-3.9.73+dfsg.1/rcfile.c:453:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *userdir = getenv((const char *)"HOME");
data/xcircuit-3.9.73+dfsg.1/render.c:334:7: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &st_info, &pr_info) == 0) {
data/xcircuit-3.9.73+dfsg.1/render.c:334:7: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  if (CreateProcess(NULL, cmd, NULL, NULL, TRUE, 0, NULL, NULL, &st_info, &pr_info) == 0) {
data/xcircuit-3.9.73+dfsg.1/svg.c:223:16: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  fname = tmpnam(NULL);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8936:18: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *tmp_s = getenv((const char *)"XCIRCUIT_SRC_DIR");
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9231:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *userdir = getenv((const char *)"HOME");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1190:20: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  xobjs.tempdir = getenv("TMPDIR");
data/xcircuit-3.9.73+dfsg.1/xcwrap.c:159:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp_s = getenv("XCIRCUIT_SRC_DIR");
data/xcircuit-3.9.73+dfsg.1/xcwrap.c:162:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tmp_l = getenv("XCIRCUIT_LIB_DIR");
data/xcircuit-3.9.73+dfsg.1/xcwrap.c:205:14: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cadhome = getenv("CAD_ROOT");
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1631:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("XAPPLRESDIR") == NULL)
data/xcircuit-3.9.73+dfsg.1/Xw/Form.c:1433:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  XtFree ((char *)(processList[i]));
data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:399:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keySymName[100], *start;
data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:471:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modStr[100];
data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:566:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char eventTypeStr[100];
data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:891:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[(sizeof(Widget) << 1) + 1];
data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:238:46: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  new->menu_mgr.postString = (String) strcpy (XtMalloc (XwStrlen
data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:274:48: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  new->menu_mgr.selectString = (String) strcpy (XtMalloc (XwStrlen
data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:341:51: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  new->menu_mgr.kbdSelectString = (String) strcpy (XtMalloc (XwStrlen
data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:151:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char workArea[300];
data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:985:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1000];
data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:989:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = open(str, O_RDONLY);
data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:1856:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char strbuf[STRBUFSIZE];
data/xcircuit-3.9.73+dfsg.1/cairo.c:1363:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gs_cmd[256];
data/xcircuit-3.9.73+dfsg.1/cairo.c:1385:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(display_format, "-dDisplayFormat=%d", DISPLAY_COLORS_RGB
data/xcircuit-3.9.73+dfsg.1/cairo.c:1388:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pixmap_size, "-g%dx%d", areawin->width, areawin->height);
data/xcircuit-3.9.73+dfsg.1/elements.c:50:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR[150], _STR2[250];
data/xcircuit-3.9.73+dfsg.1/elements.c:63:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extchar[20];
data/xcircuit-3.9.73+dfsg.1/events.c:66:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR[150], _STR2[250];
data/xcircuit-3.9.73+dfsg.1/events.c:243:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pageobj->name, "Page %d", pagenumber + 1);
data/xcircuit-3.9.73+dfsg.1/events.c:500:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pageobj->name, "Page %d", page + 1);
data/xcircuit-3.9.73+dfsg.1/events.c:2489:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[50];
data/xcircuit-3.9.73+dfsg.1/events.c:2592:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char istr[12];
data/xcircuit-3.9.73+dfsg.1/events.c:2603:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(istr);
data/xcircuit-3.9.73+dfsg.1/events.c:2630:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num[10], *nptr = &num[2], *sptr;
data/xcircuit-3.9.73+dfsg.1/events.c:2637:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num, "%1.7f", fp);
data/xcircuit-3.9.73+dfsg.1/events.c:2673:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fstr, "%5.3f", xyval);
data/xcircuit-3.9.73+dfsg.1/events.c:2675:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fstr, "%hd/%hd", (xyval > 0) ? numer : -numer, denom);
data/xcircuit-3.9.73+dfsg.1/events.c:2677:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fstr, "%hd %hd/%hd", ip, numer, denom);
data/xcircuit-3.9.73+dfsg.1/events.c:2679:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(fstr, "%hd", ip);
data/xcircuit-3.9.73+dfsg.1/events.c:2761:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%g, %g", xval * iscale, yval * iscale);
data/xcircuit-3.9.73+dfsg.1/events.c:2765:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, " (%g x %g)", llen * iscale, lwid * iscale);
data/xcircuit-3.9.73+dfsg.1/events.c:2767:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, " (length %g)", llen * iscale);
data/xcircuit-3.9.73+dfsg.1/events.c:2774:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%5.3f, %5.3f in", f1, f2);
data/xcircuit-3.9.73+dfsg.1/events.c:2780:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, " (%5.3f x %5.3f in)", f1, f2);
data/xcircuit-3.9.73+dfsg.1/events.c:2783:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, " (length %5.3f in)", f1);
data/xcircuit-3.9.73+dfsg.1/events.c:2787:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fstr1[30], fstr2[30];
data/xcircuit-3.9.73+dfsg.1/events.c:2808:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%5.3f, %5.3f cm", f1, f2);
data/xcircuit-3.9.73+dfsg.1/events.c:2814:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, " (%5.3f x %5.3f cm)", f1, f2);
data/xcircuit-3.9.73+dfsg.1/events.c:2817:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, " (length %5.3f cm)", f1);
data/xcircuit-3.9.73+dfsg.1/events.c:4434:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char editstr[10], pagestr[10];
data/xcircuit-3.9.73+dfsg.1/events.c:4440:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpname[256];
data/xcircuit-3.9.73+dfsg.1/events.c:4449:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pagestr, " (p. %d)", areawin->page + 1);
data/xcircuit-3.9.73+dfsg.1/events.c:4574:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(newobj->name, "user_object");
data/xcircuit-3.9.73+dfsg.1/filelist.c:81:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR2[250];
data/xcircuit-3.9.73+dfsg.1/filelist.c:82:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR[150];
data/xcircuit-3.9.73+dfsg.1/filelist.c:199:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[256];
data/xcircuit-3.9.73+dfsg.1/filelist.c:203:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fi = fopen(_STR2, "r")) != NULL) {
data/xcircuit-3.9.73+dfsg.1/filelist.c:673:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(cwdname, "../");
data/xcircuit-3.9.73+dfsg.1/files.c:68:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR2[250], _STR[150];
data/xcircuit-3.9.73+dfsg.1/files.c:236:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pptr, "\\%03o", *sptr);
data/xcircuit-3.9.73+dfsg.1/files.c:242:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pptr, "\\%03o", *sptr);
data/xcircuit-3.9.73+dfsg.1/files.c:718:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%d ", (int)value);
data/xcircuit-3.9.73+dfsg.1/files.c:721:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%d ", (int)value - ops->parameter.ivalue);
data/xcircuit-3.9.73+dfsg.1/files.c:760:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%3.3f ", value);
data/xcircuit-3.9.73+dfsg.1/files.c:791:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%d ", (int)value);
data/xcircuit-3.9.73+dfsg.1/files.c:794:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%d ", (int)value - ops->parameter.ivalue);
data/xcircuit-3.9.73+dfsg.1/files.c:956:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inname[250], expname[250], *sptr, *cptr, *iptr, *froot;
data/xcircuit-3.9.73+dfsg.1/files.c:988:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(inname, "r");
data/xcircuit-3.9.73+dfsg.1/files.c:995:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(inname, "r");
data/xcircuit-3.9.73+dfsg.1/files.c:1013:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR, "%.149s", _STR2);
data/xcircuit-3.9.73+dfsg.1/files.c:1201:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inname[150], expname[150], *sptr, *cptr, *iptr;
data/xcircuit-3.9.73+dfsg.1/files.c:1230:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(inname, "r");
data/xcircuit-3.9.73+dfsg.1/files.c:1237:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(inname, "r");
data/xcircuit-3.9.73+dfsg.1/files.c:1255:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(inname, "r");
data/xcircuit-3.9.73+dfsg.1/files.c:1258:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
file = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:1266:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:1269:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:1349:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[150], keyword[100]; data/xcircuit-3.9.73+dfsg.1/files.c:1350:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[150], *tptr; data/xcircuit-3.9.73+dfsg.1/files.c:1716:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp[150], keyword[30], percentc, inname[150]; data/xcircuit-3.9.73+dfsg.1/files.c:1833:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ps = fopen(inname, "a"); data/xcircuit-3.9.73+dfsg.1/files.c:1900:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[250]; data/xcircuit-3.9.73+dfsg.1/files.c:1948:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[250]; data/xcircuit-3.9.73+dfsg.1/files.c:1959:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). spcfile = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:2006:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[150], temp[150], keyword[30], percentc, *pdchar; data/xcircuit-3.9.73+dfsg.1/files.c:2007:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char teststr[50], teststr2[20], pagestr[100]; data/xcircuit-3.9.73+dfsg.1/files.c:2133:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). multipage = atoi(pdchar); data/xcircuit-3.9.73+dfsg.1/files.c:2165:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pagestr, "%d", page + 1); data/xcircuit-3.9.73+dfsg.1/files.c:2395:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpstr[6], *rootptr; data/xcircuit-3.9.73+dfsg.1/files.c:2412:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tpstr, "%d", page + 1); data/xcircuit-3.9.73+dfsg.1/files.c:2415:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(topobject->name, "Page %d", page + 1); data/xcircuit-3.9.73+dfsg.1/files.c:2417:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(topobject->name, "%.79s", rootptr); data/xcircuit-3.9.73+dfsg.1/files.c:2426:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(topobject->name, "%.79s", pagestr); data/xcircuit-3.9.73+dfsg.1/files.c:2614:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[100]; data/xcircuit-3.9.73+dfsg.1/files.c:2840:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramkey[100]; data/xcircuit-3.9.73+dfsg.1/files.c:2874:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(newops->key, "v%d", paramno); data/xcircuit-3.9.73+dfsg.1/files.c:2987:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkdefault[5] = "(%n)"; data/xcircuit-3.9.73+dfsg.1/files.c:3102:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char key[100]; data/xcircuit-3.9.73+dfsg.1/files.c:3164:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[100]; data/xcircuit-3.9.73+dfsg.1/files.c:3206:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[100]; data/xcircuit-3.9.73+dfsg.1/files.c:3504:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[150], ascbuf[6]; data/xcircuit-3.9.73+dfsg.1/files.c:3652:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *temp, *buffer, keyword[80]; data/xcircuit-3.9.73+dfsg.1/files.c:3797:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpkey[30]; data/xcircuit-3.9.73+dfsg.1/files.c:4415:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmpstring[100]; data/xcircuit-3.9.73+dfsg.1/files.c:4537:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstr[50]; data/xcircuit-3.9.73+dfsg.1/files.c:4658:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(newops->key, "v%d", i + 1); data/xcircuit-3.9.73+dfsg.1/files.c:4910:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%.249s", (char *)XwTextCopyBuffer(fnamewidget)); data/xcircuit-3.9.73+dfsg.1/files.c:5025:15: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(template); data/xcircuit-3.9.73+dfsg.1/files.c:5092:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outname[250]; data/xcircuit-3.9.73+dfsg.1/files.c:5104:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *outptr, *validname, outfile[150]; data/xcircuit-3.9.73+dfsg.1/files.c:5132:37: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (strchr(outptr, '.') == NULL) strcat(outfile, ".lps"); data/xcircuit-3.9.73+dfsg.1/files.c:5156:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ps = fopen(outfile, "wb"); data/xcircuit-3.9.73+dfsg.1/files.c:5367:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fptr, ascbuf[6]; data/xcircuit-3.9.73+dfsg.1/files.c:5492:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outname[150], temp[150], prologue[150], *fname, *fptr, ascbuf[6]; data/xcircuit-3.9.73+dfsg.1/files.c:5527:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
ps = fopen(outname, "wb"); data/xcircuit-3.9.73+dfsg.1/files.c:5630:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5637:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5640:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5666:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5669:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5686:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5689:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5706:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:5709:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pro = fopen(prologue, "r"); data/xcircuit-3.9.73+dfsg.1/files.c:6020:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(qptr, "\\%3o", (int)(*pptr)); data/xcircuit-3.9.73+dfsg.1/files.c:6075:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ostr[segs], "() "); data/xcircuit-3.9.73+dfsg.1/files.c:6119:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{ss} "); data/xcircuit-3.9.73+dfsg.1/files.c:6122:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(_STR, "{Ss} "); data/xcircuit-3.9.73+dfsg.1/files.c:6126:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{ns} "); data/xcircuit-3.9.73+dfsg.1/files.c:6129:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{ul} "); data/xcircuit-3.9.73+dfsg.1/files.c:6132:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{ol} "); data/xcircuit-3.9.73+dfsg.1/files.c:6135:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{} "); data/xcircuit-3.9.73+dfsg.1/files.c:6138:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{hS} "); data/xcircuit-3.9.73+dfsg.1/files.c:6141:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{qS} "); data/xcircuit-3.9.73+dfsg.1/files.c:6147:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{CR} "); data/xcircuit-3.9.73+dfsg.1/files.c:6152:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(_STR, "{Ts} "); data/xcircuit-3.9.73+dfsg.1/files.c:6155:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{Tf} "); data/xcircuit-3.9.73+dfsg.1/files.c:6158:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{Tb} "); data/xcircuit-3.9.73+dfsg.1/files.c:6188:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(_STR, "sce} "); data/xcircuit-3.9.73+dfsg.1/files.c:6191:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(_STR, "sce} "); data/xcircuit-3.9.73+dfsg.1/files.c:6194:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{%d MR} ", chrptr->data.width); data/xcircuit-3.9.73+dfsg.1/files.c:6198:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "{%d %d Kn} ", chrptr->data.kern[0], chrptr->data.kern[1]); data/xcircuit-3.9.73+dfsg.1/files.c:6318:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(_STR, "%d ", ops->parameter.ivalue); data/xcircuit-3.9.73+dfsg.1/files.c:6323:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%g ", ops->parameter.fvalue); data/xcircuit-3.9.73+dfsg.1/files.c:6459:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%d ", ops->parameter.ivalue); data/xcircuit-3.9.73+dfsg.1/files.c:6464:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%g ", ops->parameter.fvalue); data/xcircuit-3.9.73+dfsg.1/files.c:6576:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%hd ", TOPOLY(savegen)->number); data/xcircuit-3.9.73+dfsg.1/files.c:6581:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtox "); data/xcircuit-3.9.73+dfsg.1/files.c:6587:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtoy "); data/xcircuit-3.9.73+dfsg.1/files.c:6591:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "polygon\n"); data/xcircuit-3.9.73+dfsg.1/files.c:6609:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(_STR, "addtox1 "); data/xcircuit-3.9.73+dfsg.1/files.c:6615:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtoy1 "); data/xcircuit-3.9.73+dfsg.1/files.c:6629:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%hd ", TOPOLY(pgen)->number - 1); data/xcircuit-3.9.73+dfsg.1/files.c:6634:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtox "); data/xcircuit-3.9.73+dfsg.1/files.c:6640:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtoy "); data/xcircuit-3.9.73+dfsg.1/files.c:6644:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "polyc\n"); data/xcircuit-3.9.73+dfsg.1/files.c:6654:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtox3 "); data/xcircuit-3.9.73+dfsg.1/files.c:6660:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtoy3 "); data/xcircuit-3.9.73+dfsg.1/files.c:6686:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(_STR, "addtox4 "); data/xcircuit-3.9.73+dfsg.1/files.c:6692:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "addtoy4 "); data/xcircuit-3.9.73+dfsg.1/files.c:6785:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "ctmk "); data/xcircuit-3.9.73+dfsg.1/files.c:6787:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%hd ", segs); data/xcircuit-3.9.73+dfsg.1/files.c:6800:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_STR, "pinlabel\n"); break; data/xcircuit-3.9.73+dfsg.1/files.c:6802:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_STR, "pinglobal\n"); break; data/xcircuit-3.9.73+dfsg.1/files.c:6804:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_STR, "infolabel\n"); break; data/xcircuit-3.9.73+dfsg.1/files.c:6806:8: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(_STR, "label\n"); data/xcircuit-3.9.73+dfsg.1/fontfile.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250], _STR[150]; data/xcircuit-3.9.73+dfsg.1/fontfile.c:64:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempname[256]; data/xcircuit-3.9.73+dfsg.1/fontfile.c:106:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(dashptr, "-Roman"); data/xcircuit-3.9.73+dfsg.1/fontfile.c:157:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[250], commandstr[30], tempname[100]; data/xcircuit-3.9.73+dfsg.1/fontfile.c:341:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char estr[12]; data/xcircuit-3.9.73+dfsg.1/fontfile.c:359:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char estr[12]; data/xcircuit-3.9.73+dfsg.1/formats.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; data/xcircuit-3.9.73+dfsg.1/formats.c:60:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[150], temp[500], *pdchar; data/xcircuit-3.9.73+dfsg.1/formats.c:69:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ps = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/formats.c:72:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ps = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/formats.c:75:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
ps = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/formats.c:150:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lineptr, keyptr, tmpstring[256]; data/xcircuit-3.9.73+dfsg.1/formats.c:537:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[150], *temp, *buffer, keyword[30], percentc, *pdchar; data/xcircuit-3.9.73+dfsg.1/formats.c:540:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colorstr[100][5]; data/xcircuit-3.9.73+dfsg.1/formats.c:547:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ps = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/formats.c:550:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
ps = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/formats.c:553:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ps = fopen(inname, "r"); data/xcircuit-3.9.73+dfsg.1/functions.c:2446:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dashstring[2]; data/xcircuit-3.9.73+dfsg.1/functions.c:2948:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100], extend[10], *dotptr; data/xcircuit-3.9.73+dfsg.1/functions.c:2965:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dotptr, ".ps"); data/xcircuit-3.9.73+dfsg.1/functions.c:2968:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dotptr, ".tex"); data/xcircuit-3.9.73+dfsg.1/functions.c:2970:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
f = fopen(filename, "w"); data/xcircuit-3.9.73+dfsg.1/graphic.c:321:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[5], c, buf[128]; data/xcircuit-3.9.73+dfsg.1/graphic.c:337:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fg = fopen(filename, "r"); data/xcircuit-3.9.73+dfsg.1/graphic.c:448:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[11]; data/xcircuit-3.9.73+dfsg.1/graphic.c:469:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(id, "gradient%02d", y); data/xcircuit-3.9.73+dfsg.1/help.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *function_names[NUM_FUNCTIONS]; data/xcircuit-3.9.73+dfsg.1/keybindings.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char _STR[150], _STR2[250]; data/xcircuit-3.9.73+dfsg.1/keybindings.c:83:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *function_names[NUM_FUNCTIONS + 1] = { data/xcircuit-3.9.73+dfsg.1/keybindings.c:339:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (!first) strcat(retstr, ", "); data/xcircuit-3.9.73+dfsg.1/keybindings.c:349:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(retstr, "<unbound>"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:374:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (!first) strcat(retstr, ", "); data/xcircuit-3.9.73+dfsg.1/keybindings.c:383:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(retstr, "<unbound>"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:407:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retstr, "Nothing"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:421:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hex[17] = "0123456789ABCDEF"; data/xcircuit-3.9.73+dfsg.1/keybindings.c:436:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & Mod1Mask) strcat(kptr, "Alt_"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:437:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & Mod4Mask) strcat(kptr, "Hold_"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:438:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & ControlMask) strcat(kptr, "Control_"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:439:25: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
if (kmod & LockMask) strcat(kptr, "Capslock_"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:440:26: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & ShiftMask) strcat(kptr, "Shift_"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:449:31: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & Button1Mask) strcat(kptr, "Button1"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:450:36: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else if (kmod & Button2Mask) strcat(kptr, "Button2"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:451:36: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else if (kmod & Button3Mask) strcat(kptr, "Button3"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:452:36: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
else if (kmod & Button4Mask) strcat(kptr, "Button4"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:453:36: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else if (kmod & Button5Mask) strcat(kptr, "Button5"); data/xcircuit-3.9.73+dfsg.1/keybindings.c:482:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(_STR2, ", "); data/xcircuit-3.9.73+dfsg.1/keybindings.c:489:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(_STR2, ", "); data/xcircuit-3.9.73+dfsg.1/keybindings.c:496:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(_STR2, ", "); data/xcircuit-3.9.73+dfsg.1/libraries.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; data/xcircuit-3.9.73+dfsg.1/menucalls.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250]; data/xcircuit-3.9.73+dfsg.1/menucalls.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; /* Generic multipurpose string */ data/xcircuit-3.9.73+dfsg.1/menucalls.c:140:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%5.3f", value * iscale); data/xcircuit-3.9.73+dfsg.1/menucalls.c:144:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%5.3f cm", value * iscale * oscale / IN_CM_CONVERT); data/xcircuit-3.9.73+dfsg.1/menucalls.c:148:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%5.3f in", value * iscale * oscale / 72.0); data/xcircuit-3.9.73+dfsg.1/menucalls.c:153:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, " in"); data/xcircuit-3.9.73+dfsg.1/menucalls.c:306:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char units[12]; data/xcircuit-3.9.73+dfsg.1/menucalls.c:334:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char units[10], *expos; data/xcircuit-3.9.73+dfsg.1/menucalls.c:339:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(units, "in"); data/xcircuit-3.9.73+dfsg.1/menucalls.c:787:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(newlibobj->name, "Library %d", libnum - LIBRARY + 1); data/xcircuit-3.9.73+dfsg.1/menucalls.c:820:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "newpagebutton \"Page %d\"", xobjs.pages); data/xcircuit-3.9.73+dfsg.1/menucalls.c:872:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cstr[6]; data/xcircuit-3.9.73+dfsg.1/menucalls.c:875:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cstr, "%5d", colorval); data/xcircuit-3.9.73+dfsg.1/menucalls.c:891:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fstr[10]; data/xcircuit-3.9.73+dfsg.1/menucalls.c:901:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fstr, "%d", fillfactor); data/xcircuit-3.9.73+dfsg.1/menucalls.c:903:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fstr, "solid"); data/xcircuit-3.9.73+dfsg.1/menucalls.c:906:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fstr, "unfilled"); data/xcircuit-3.9.73+dfsg.1/menucalls.c:1114:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%d", cindex); data/xcircuit-3.9.73+dfsg.1/menucalls.c:1423:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%d", newfont); data/xcircuit-3.9.73+dfsg.1/menucalls.c:1525:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%d", newfont); data/xcircuit-3.9.73+dfsg.1/menucalls.c:1627:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(_STR2, "%d", newfont); data/xcircuit-3.9.73+dfsg.1/menudep.c:123:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mp = fopen("menudep.h", "w")) == NULL) { data/xcircuit-3.9.73+dfsg.1/menudep.c:159:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fid = fopen("menudep.h", "w"); data/xcircuit-3.9.73+dfsg.1/netlist.c:71:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; data/xcircuit-3.9.73+dfsg.1/netlist.c:72:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250]; data/xcircuit-3.9.73+dfsg.1/netlist.c:121:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bconv[10]; data/xcircuit-3.9.73+dfsg.1/netlist.c:3076:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(snew, "int%d", netid); data/xcircuit-3.9.73+dfsg.1/netlist.c:3813:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sout + strlen(sout), "%d", data/xcircuit-3.9.73+dfsg.1/netlist.c:3818:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sout + strlen(sout), "%d", data/xcircuit-3.9.73+dfsg.1/netlist.c:3878:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). finclude = fopen(_STR, "r"); data/xcircuit-3.9.73+dfsg.1/netlist.c:5442:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100]; data/xcircuit-3.9.73+dfsg.1/netlist.c:5477:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fp = fopen(filename, "w")) == NULL) { data/xcircuit-3.9.73+dfsg.1/netlist.c:6005:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "NET%d ", netidx++); data/xcircuit-3.9.73+dfsg.1/ngspice.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250], _STR[150]; data/xcircuit-3.9.73+dfsg.1/ngspice.c:63:9: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define vfork fork data/xcircuit-3.9.73+dfsg.1/ngspice.c:120:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[4096]; data/xcircuit-3.9.73+dfsg.1/ngspice.c:171:19: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. spiceproc = vfork(); data/xcircuit-3.9.73+dfsg.1/ngspice.c:295:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%d", numc); data/xcircuit-3.9.73+dfsg.1/ngspice.c:310:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%g", refval); data/xcircuit-3.9.73+dfsg.1/parameter.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; data/xcircuit-3.9.73+dfsg.1/parameter.c:1499:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *newkey, stkey[20]; data/xcircuit-3.9.73+dfsg.1/parameter.c:1646:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_key[7], *keyptr; data/xcircuit-3.9.73+dfsg.1/parameter.c:2096:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sstart, "Choose: "); data/xcircuit-3.9.73+dfsg.1/parameter.c:2103:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(sptr, ", "); data/xcircuit-3.9.73+dfsg.1/pp.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/xcircuit-3.9.73+dfsg.1/pp.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer2[4096]; data/xcircuit-3.9.73+dfsg.1/pp.c:85:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fin = fopen(argv[0], "r"); data/xcircuit-3.9.73+dfsg.1/python.c:81:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250], _STR[150]; data/xcircuit-3.9.73+dfsg.1/python.c:263:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retstr, "Label"); data/xcircuit-3.9.73+dfsg.1/python.c:267:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retstr, "Polygon"); data/xcircuit-3.9.73+dfsg.1/python.c:271:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retstr, "Bezier Curve"); data/xcircuit-3.9.73+dfsg.1/python.c:275:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(retstr, "Object Instance"); data/xcircuit-3.9.73+dfsg.1/python.c:279:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retstr, "Path"); data/xcircuit-3.9.73+dfsg.1/python.c:283:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retstr, "Arc"); data/xcircuit-3.9.73+dfsg.1/python.c:1737:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "buttondict[%ld]()\n", (long int)w); data/xcircuit-3.9.73+dfsg.1/python.c:1792:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "tooldict[%ld]()\n", (long int)w); data/xcircuit-3.9.73+dfsg.1/python.c:1876:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "tooldict[%d]", i); data/xcircuit-3.9.73+dfsg.1/python.c:1898:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "keydict[%d]\n", keystate); data/xcircuit-3.9.73+dfsg.1/python.c:1906:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(_STR2, "keydict[%d]()\n", keystate); data/xcircuit-3.9.73+dfsg.1/python.c:1963:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "xc_version = %2.1f\n", PROG_VERSION); data/xcircuit-3.9.73+dfsg.1/python.c:2007:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/python.c:2009:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/python.c:2028:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) != NULL) { data/xcircuit-3.9.73+dfsg.1/python.c:2056:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/python.c:2059:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = fopen(_STR2, "r"); data/xcircuit-3.9.73+dfsg.1/rcfile.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250], _STR[150]; data/xcircuit-3.9.73+dfsg.1/rcfile.c:74:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[50], value[50]; data/xcircuit-3.9.73+dfsg.1/rcfile.c:422:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/rcfile.c:424:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/rcfile.c:441:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = fopen(_STR2, "r")) != NULL) readcommand(0, fd); data/xcircuit-3.9.73+dfsg.1/rcfile.c:462:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(_STR2, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/rcfile.c:465:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(_STR2, "r"); data/xcircuit-3.9.73+dfsg.1/render.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250], _STR[150]; data/xcircuit-3.9.73+dfsg.1/render.c:71:9: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define vfork fork data/xcircuit-3.9.73+dfsg.1/render.c:103:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%ld %d %d %d %d %d %g %g %d %d %d %d", data/xcircuit-3.9.73+dfsg.1/render.c:265:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char env_str1[128], env_str2[64]; data/xcircuit-3.9.73+dfsg.1/render.c:304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[4096]; data/xcircuit-3.9.73+dfsg.1/render.c:309:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(env_str2, "GHOSTVIEW=%ld %ld", (long)areawin->window, (long)bbuf); data/xcircuit-3.9.73+dfsg.1/render.c:313:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%ld %ld", (long)areastruct.areawin, (long)bbuf); data/xcircuit-3.9.73+dfsg.1/render.c:343:16: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. gsproc = vfork(); data/xcircuit-3.9.73+dfsg.1/render.c:364:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(env_str2, "GHOSTVIEW=%ld %ld", (long)areawin->window, (long)bbuf); data/xcircuit-3.9.73+dfsg.1/render.c:368:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%ld %ld", (long)areawin->window, (long)bbuf); data/xcircuit-3.9.73+dfsg.1/render.c:394:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_in[256]; data/xcircuit-3.9.73+dfsg.1/render.c:447:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fi = fopen(fname, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/render.c:501:10: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). tfd = mkstemp(file_in + 1); data/xcircuit-3.9.73+dfsg.1/render.c:531:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_in[256]; data/xcircuit-3.9.73+dfsg.1/render.c:535:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((psf = fopen(fname, "r")) == NULL) { data/xcircuit-3.9.73+dfsg.1/render.c:617:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%3.2f %3.2f translate\n", xpos, ypos); data/xcircuit-3.9.73+dfsg.1/render.c:619:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR, "%3.2f %3.2f scale\n", norm, norm); data/xcircuit-3.9.73+dfsg.1/schema.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; data/xcircuit-3.9.73+dfsg.1/schema.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250]; data/xcircuit-3.9.73+dfsg.1/schema.c:199:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(clnptr + 1, "%d", n + 1); data/xcircuit-3.9.73+dfsg.1/schema.c:320:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "Network(s): "); data/xcircuit-3.9.73+dfsg.1/schema.c:429:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char typestr[40]; data/xcircuit-3.9.73+dfsg.1/schema.c:437:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(typestr, "Changed label to "); data/xcircuit-3.9.73+dfsg.1/schema.c:440:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(typestr, "normal label"); data/xcircuit-3.9.73+dfsg.1/schema.c:443:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(typestr, "global pin"); data/xcircuit-3.9.73+dfsg.1/schema.c:446:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(typestr, "local pin"); data/xcircuit-3.9.73+dfsg.1/schema.c:449:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(typestr, "info-label"); data/xcircuit-3.9.73+dfsg.1/selection.c:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; data/xcircuit-3.9.73+dfsg.1/selection.c:460:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(*new, *old, cycles * sizeof(pointselect)); data/xcircuit-3.9.73+dfsg.1/spiceparser/README.c:188:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp=fopen(subckt_filename,"rt"); data/xcircuit-3.9.73+dfsg.1/spiceparser/README.c:193:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp_pins=fopen(pins_output,"w"); data/xcircuit-3.9.73+dfsg.1/spiceparser/README.c:197:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp_flat=fopen(flat_spice,"w"); data/xcircuit-3.9.73+dfsg.1/spiceparser/bitlist.h:34:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[4]; data/xcircuit-3.9.73+dfsg.1/spiceparser/eqn.c:174:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sig=atoi(pa); data/xcircuit-3.9.73+dfsg.1/spiceparser/eqn.c:187:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rest=atoi(pb); data/xcircuit-3.9.73+dfsg.1/spiceparser/eqn.c:207:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'e': v*=pow(10.0,(float)atoi(pb+i+1)); data/xcircuit-3.9.73+dfsg.1/spiceparser/eqn.c:546:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lp,cp,((char *)lpn)-((char *)lp)); data/xcircuit-3.9.73+dfsg.1/spiceparser/eqn.c:640:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np,p,q); data/xcircuit-3.9.73+dfsg.1/spiceparser/eqn.c:670:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nnp,p,q); data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.c:545:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lp,cp,((char *)lpn)-((char *)lp)); data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.c:613:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np,p,q); data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.c:643:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(nnp,p,q); data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.c:739:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.c:740:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"eqn=%g \n ",eqn.val); data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.h:134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unget[4]; data/xcircuit-3.9.73+dfsg.1/spiceparser/eval.h:55:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *eval_op_names[EOlast+1]; data/xcircuit-3.9.73+dfsg.1/spiceparser/hash.c:80:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hash_bin2user(p),copyfrom,size); data/xcircuit-3.9.73+dfsg.1/spiceparser/list.c:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p,d,l->s); data/xcircuit-3.9.73+dfsg.1/spiceparser/list.c:262:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
if(save!=NULL)memcpy(save,p,l->s); data/xcircuit-3.9.73+dfsg.1/spiceparser/list.c:284:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d,oldl->d,oldl->s*oldl->q); data/xcircuit-3.9.73+dfsg.1/spiceparser/list.c:295:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d,copyfrom->d,copyfrom->s*copyfrom->q); data/xcircuit-3.9.73+dfsg.1/spiceparser/list.c:307:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a,b,l->s); data/xcircuit-3.9.73+dfsg.1/spiceparser/memory.h:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[MEMORY_CHUNKSIZE]; data/xcircuit-3.9.73+dfsg.1/spiceparser/mergedup.h:28:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sorted[1]; data/xcircuit-3.9.73+dfsg.1/spiceparser/names.c:175:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/xcircuit-3.9.73+dfsg.1/spiceparser/names.c:195:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buf,"names: %i bins (%i totaling %i) , alloc %i, avg: %i %i max: %i %i",nt->qtybins,nt->qtynames,nt->namebytes,nt->bytesalloc,qp,qs,mp,ms); data/xcircuit-3.9.73+dfsg.1/spiceparser/names.h:35:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:515:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:516:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf," %i",k); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:651:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:673:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer,p,sin); /* yes, we copy twice. this is required, think about it */ data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.h:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sym[8]; /* symbolic name */ data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.h:226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[4]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:451:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(db->pvals,fdb->pvals,sizeof(float)*fdb->qvals); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:482:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fdb->pvals,db->pvals,sizeof(float)*fdb->qvals); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:659:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:673:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if(i_node==-1)sprintf(tmp,"root"); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:674:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
else sprintf(tmp,"n%i",i_node); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:809:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nn[64],*nnp; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:839:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nn,"n%i_",in); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:840:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(nn,"root_"); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:848:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nnp,"%i",j); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:857:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nn,"n%i_",on); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:864:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nnp,"%i",j); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:879:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[4096]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:977:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096],*lp; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:982:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). qty=atoi(line+sizeof(nlib_flatdb_ver)); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:1081:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(defs.line_stop,".end_nlib"); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:1115:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). z=atoi(p->val); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:1200:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
wires=atoi(p->val); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:1204:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tokens=atoi(p->val); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:1337:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *names[64]; /* max limit */ data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.h:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NLIB_MAXFREF]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[4096]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:121:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pc->str,str,l); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:775:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(topcard[0].str,".su"); /* max 4 bytes */ data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:780:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(topcard[1].str,"TOP"); /* MAX 4 bytes */ data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:898:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024*63]; data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:913:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bp,str,l); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:926:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bp,c,l); data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.h:88:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char str[4]; /* alloc in place */ data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.h:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char str[4];
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.h:120:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4];
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:51:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[4096];
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:416:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(scan->sectp->eoline,p1,l1-lc);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:428:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(scan->sectp->eoline,p1,l1);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:443:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->str,p1,l1);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:447:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(c->str+l1+1,p3,l2);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:708:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(spicedef.line_stop,".end_spice");
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:716:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(spicedef.whitespace," \t\n\r");
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:62:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[4];
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line_stop[32]; /* stop scanning when we hit this line */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:77:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char eol_continue[8]; /* continue line if this is detected at the end */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:78:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bol_continue[8]; /* continue line if this is detected at beggining */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:83:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tokenize[8]; /* prefix for all tokens of interest */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char whitespace[32]; /* ignore all of this */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:85:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char commentstart[8]; /* this starts a comment */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lbuf[512]; /* line buffer */
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.h:98:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char eoline[512]; /* continue buffer */
data/xcircuit-3.9.73+dfsg.1/spiceparser/sort.c:166:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (pivot, mid, size);
data/xcircuit-3.9.73+dfsg.1/svg.c:28:9: [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead.
  #define vfork fork
data/xcircuit-3.9.73+dfsg.1/svg.c:207:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fname, outname[128], *pptr;
data/xcircuit-3.9.73+dfsg.1/svg.c:224:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ppf = fopen(fname, "w");
data/xcircuit-3.9.73+dfsg.1/svg.c:246:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(pptr, ".png");
data/xcircuit-3.9.73+dfsg.1/svg.c:248:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outname, ".png");
data/xcircuit-3.9.73+dfsg.1/svg.c:251:19: [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead.
  if ((pid = vfork()) == 0) {
data/xcircuit-3.9.73+dfsg.1/svg.c:273:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outname[128], *pptr;
data/xcircuit-3.9.73+dfsg.1/svg.c:288:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(pptr, ".png");
data/xcircuit-3.9.73+dfsg.1/svg.c:290:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outname, ".png");
data/xcircuit-3.9.73+dfsg.1/svg.c:1028:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  svgf = fopen(filename, "w");
data/xcircuit-3.9.73+dfsg.1/svg.c:1114:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[128], *pptr;
data/xcircuit-3.9.73+dfsg.1/svg.c:1145:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pptr + 1, "svg");
data/xcircuit-3.9.73+dfsg.1/svg.c:1147:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filename, ".svg");
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:42:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR[150], _STR2[250];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:58:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char STIPDATA[STIPPLES][4] = {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:133:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(snew, s, slen);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:145:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char outstr[128] = "puts -nonewline std";
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:365:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(newcmd + (int)(sptr - substcmd), "%d", objc);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:2464:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char colorstr[14];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:2465:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(colorstr, "#%04x%04x%04x",
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:2938:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  return (char *)param_types[type];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4028:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  return (char *)encValues[i];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4044:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  return (char *)styValues[i];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4859:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR2, "%f", wvalue);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6341:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tmpstr, buffer[30], **sptr;
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7142:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_return[150];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7907:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pageobj->name, "Page %d", areawin->page + 1);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7909:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pageobj->name, "%.79s", _STR2);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8374:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  chklib = fopen(filename, "a");
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8944:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8946:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8948:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8970:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) != NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9251:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9255:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9259:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = fopen(_STR2, "r")) == NULL) {
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9262:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(_STR2, "r");
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9559:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char curentry[150];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9563:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(curentry, "%.149s", (char *)Tcl_GetStringResult(xcinterp));
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9766:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  appdata.timeout = atoi((char *)xcuid);
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9784:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char winpath[512];
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10167:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tstr[128], *bigstr = NULL, *strptr;
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10186:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(bigstr, "}}");
data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10190:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tstr, "}}");
data/xcircuit-3.9.73+dfsg.1/text.c:41:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char _STR[150];
data/xcircuit-3.9.73+dfsg.1/text.c:424:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(promote[pidx]->data.string, "%12d", ops->parameter.ivalue);
data/xcircuit-3.9.73+dfsg.1/text.c:429:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(promote[pidx]->data.string, "%g", (double)(ops->parameter.fvalue));
data/xcircuit-3.9.73+dfsg.1/text.c:581:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sout, "<ERROR>");
data/xcircuit-3.9.73+dfsg.1/text.c:585:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sout, "%c", sc);
data/xcircuit-3.9.73+dfsg.1/text.c:587:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sout, "/%03o", (u_char)sc);
data/xcircuit-3.9.73+dfsg.1/text.c:597:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sout, "Scale=%3.2f", strptr->data.scale);
data/xcircuit-3.9.73+dfsg.1/text.c:600:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sout, "Kern=(%d,%d)", strptr->data.kern[0], strptr->data.kern[1]);
data/xcircuit-3.9.73+dfsg.1/text.c:624:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sout, "<ERROR>");
data/xcircuit-3.9.73+dfsg.1/text.c:628:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sout, "%c", sc);
data/xcircuit-3.9.73+dfsg.1/text.c:630:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sout, "/%03o", (u_char)sc);
data/xcircuit-3.9.73+dfsg.1/text.c:731:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(newstr, "%d", subnet);
data/xcircuit-3.9.73+dfsg.1/text.c:747:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(endptr, "%c%d%c", areawin->buschar, subnet,
data/xcircuit-3.9.73+dfsg.1/text.c:785:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, "%d", sbus->subnetid);
data/xcircuit-3.9.73+dfsg.1/text.c:788:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(sptr, "%c", standard_delimiter_end(areawin->buschar));
data/xcircuit-3.9.73+dfsg.1/tkSimple.c:309:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) simplePtr, Tcl_GetString(objv[2]), 0);
data/xcircuit-3.9.73+dfsg.1/tkSimple.c:318:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) simplePtr, Tcl_GetString(objv[2]), 0);
data/xcircuit-3.9.73+dfsg.1/w32x11.c:395:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[MAX_PATH];
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:12:9: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t buffer[1024];
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:20:4: [2] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  wcscat(buffer, L"\\\"");
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:22:4: [2] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  wcscat(buffer, L"\\\" ");
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:32:8: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t wish_exe[1024] = {0};
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:33:8: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t lib_path[1024] = {0};
data/xcircuit-3.9.73+dfsg.1/xcircuit-win32.c:39:2: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buf[1100];
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:99:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _STR2[250]; /* Specifically for text returned from the popup prompt */
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:100:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _STR[150]; /* Generic multipurpose string */
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:183:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(_STR2,
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:318:31: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if ((words % 8) == 0) strcat(*promptstr, ",\n");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:319:31: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  else if (changes > 0) strcat(*promptstr, ", ");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:339:31: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if ((words % 8) == 0) strcat(*promptstr, ",\n");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:340:31: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  else if (changes > 0) strcat(*promptstr, ", ");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:370:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(promptstr, ".query.title.field configure -text \"Unsaved changes in: ");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:380:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(promptstr, "\nQuit anyway?");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:435:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(scdest, "%6.5f", oscale);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:437:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(xdest, "%6.5f", (width * psscale) / IN_CM_CONVERT);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:438:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ydest, "%6.5f", (height * psscale) / IN_CM_CONVERT);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:441:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(xdest, "%6.5f", (width * psscale) / 72.0);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:442:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ydest, "%6.5f", (height * psscale) / 72.0);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:504:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[50], buf2[50];
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1249:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[TCL_INTEGER_SPACE];
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1252:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "H%08lX", objPtr->internalRep.longValue); data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1299:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1300:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "expected handle but got \"%.50s\"", string); data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1469:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xobjs.libtop[FONTLIB]->thisobject->name, "Font Character List"); data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1470:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xobjs.libtop[PAGELIB]->thisobject->name, "Page Directory"); data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1471:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xobjs.libtop[LIBLIB]->thisobject->name, "Library Directory"); data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1472:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(xobjs.libtop[USERLIB]->thisobject->name, "User Library"); data/xcircuit-3.9.73+dfsg.1/xcircuit.h:1044:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[80]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:31:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:33:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char STIPDATA[STIPPLES][4] = { data/xcircuit-3.9.73+dfsg.1/xcwin32.c:438:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[MAX_PATH]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:787:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gc->line_dash, dash+offset, n); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1075:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024] = {0}; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1076:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filterspec[1024] = {0}; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1122:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, "CLEAR", 5); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1132:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1143:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "Keypad_"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:1921:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:2096:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snum[5]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:2136:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bmi->bmiColors+i, &colors[i].color, sizeof(RGBQUAD)); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:2711:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3011:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statics[MAXPROPS][50], edit[MAXPROPS][75], request[150]; data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3055:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(request, "PostScript output properties (Page %d):", areawin->page + 1); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3056:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(statics[0], "Filename:"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3057:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[1], "Page label:"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3058:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[2], "Scale:"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3060:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[3], "X Size (cm):"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3061:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[4], "Y Size (cm):"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3063:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[3], "X Size (in):"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3064:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[4], "Y Size (in):"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3066:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[5], "Orientation:"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3067:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(statics[6], "Mode:"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3072:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(request, ".ps"); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3112:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(request, "%d Pages", pagelinks(areawin->page)); data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3124:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(request, "%3.2f x %3.2f cm", data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3128:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(request, "%3.2f x %3.2f in", data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3262:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[MAX_PATH] = {0}; data/xcircuit-3.9.73+dfsg.1/xcwrap.c:144:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char command[256]; data/xcircuit-3.9.73+dfsg.1/xcwrap.c:149:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version_string[20]; data/xcircuit-3.9.73+dfsg.1/xcwrap.c:165:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(command, "xcircuit::"); data/xcircuit-3.9.73+dfsg.1/xcwrap.c:211:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(version_string, "%d", PROG_REVISION); data/xcircuit-3.9.73+dfsg.1/xcwrap.c:214:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(version_string, "%g", PROG_VERSION); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR2[250]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char _STR[150]; /* Generic multipurpose string */ data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:429:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:601:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fpedit[75]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:622:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:627:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "0,0"); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:638:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer, "%d,%d", kx, ky); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:644:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d,%d", kx, ky); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:660:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:665:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d:%d", ptptr->x, ptptr->y); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:675:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:682:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%5.2f", *floatptr); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:701:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:720:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer, "%4.2f", flval); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:730:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:736:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%4.2f", *widthptr / 2.0); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:747:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:774:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%4.2f", areawin->linewidth); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:779:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%4.2f", flval); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:791:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:795:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer, "%4.2f", *floatptr); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:846:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(topobject->name, "Page %d", areawin->page + 1); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:848:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(topobject->name, "%.79s", _STR2); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1251:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char libstring[20]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1267:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(newlibobj->name, "Library %d", libnum - LIBRARY + 1); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1297:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(libstring, "Library %d", libnum - LIBRARY + 2); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1324:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pagestring[10]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1330:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(pagestring, "Page %d", xobjs.pages); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1355:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[10]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1357:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bname, "Page %d", pagenumber + 1); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1381:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bname[13]; data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1383:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bname, "Library %d", libnumber - LIBRARY + 1); data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1564:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%d", cindex); data/xcircuit-3.9.73+dfsg.1/xtgui.c:82:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char _STR2[250]; /* Specifically for text returned from the popup prompt */ data/xcircuit-3.9.73+dfsg.1/xtgui.c:83:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char _STR[150]; /* Generic multipurpose string */ data/xcircuit-3.9.73+dfsg.1/xtgui.c:109:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char STIPDATA[STIPPLES][4] = { data/xcircuit-3.9.73+dfsg.1/xtgui.c:280:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char popupname[30]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:553:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(promptstr, "Unsaved changes in: "); data/xcircuit-3.9.73+dfsg.1/xtgui.c:563:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(promptstr, "\nQuit anyway?"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:669:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(_STR2, "%.249s", XwTextCopyBuffer(callstruct->textw)); data/xcircuit-3.9.73+dfsg.1/xtgui.c:715:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%.249s", XwTextCopyBuffer(callstruct->textw)); data/xcircuit-3.9.73+dfsg.1/xtgui.c:721:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blabel[1024]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:732:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(blabel, " Overwrite File "); data/xcircuit-3.9.73+dfsg.1/xtgui.c:737:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(blabel, " Write File "); data/xcircuit-3.9.73+dfsg.1/xtgui.c:752:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(blabel, "%d Pages", num_linked); data/xcircuit-3.9.73+dfsg.1/xtgui.c:780:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char edit[3][50]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:817:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(topobject->name, "%.79s", rootptr); data/xcircuit-3.9.73+dfsg.1/xtgui.c:991:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statics[MAXPROPS][50], edit[MAXPROPS][75], request[150]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:992:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fpedit[75], outname[75], pstr[20]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:1006:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(request, "PostScript output properties (Page %d):", data/xcircuit-3.9.73+dfsg.1/xtgui.c:1008:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[0], "Filename:"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1009:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[1], "Page label:"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1010:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[2], "Scale:"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1012:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(statics[3], "X Size (cm):"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1013:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[4], "Y Size (cm):"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1016:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[3], "X Size (in):"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1017:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[4], "Y Size (in):"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1019:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[5], "Orientation:"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1020:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(statics[6], "Mode:"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1025:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(edit[0], "Page %d", areawin->page + 1); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1064:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(outname, "Overwrite File"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1068:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(outname, "Write File"); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1196:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pstr, "%d Pages", num_linked); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1215:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fpedit, "%3.2f x %3.2f cm", data/xcircuit-3.9.73+dfsg.1/xtgui.c:1220:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fpedit, "%3.2f x %3.2f in", data/xcircuit-3.9.73+dfsg.1/xtgui.c:1310:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[50], buf2[50]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:1331:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char outstr[128]; data/xcircuit-3.9.73+dfsg.1/xtgui.c:1430:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(_STR2, "%.249s", XwTextCopyBuffer(cmdw)); data/xcircuit-3.9.73+dfsg.1/xtgui.c:1705:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(_STR, " Welcome to Xcircuit Version %2.1f", PROG_VERSION); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:143:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). pos1 = (*(source->read))(source, pos1, &blk, pos2 - pos1); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:271:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(source->read))(source, fromPos, &blk, toPos - fromPos); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:275:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(source->read))(source, index, &blk, toPos - fromPos); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:333:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(source->read))(source, fromPos, &blk, bufferSize); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:345:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(source->read))(source, pos, &blk, bufferSize); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:421:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(source->read))(source, fromPos, &blk, bufferSize); data/xcircuit-3.9.73+dfsg.1/Xw/Display.c:428:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(source->read))(source, index, &blk, bufferSize); data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:422:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void) strncpy(keySymName, start, str-start); data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:484:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(modStr, start, str-start); data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:513:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(modStr, start, str-start); data/xcircuit-3.9.73+dfsg.1/Xw/MapEvents.c:572:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(eventTypeStr, start, str-start); data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:229:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.postString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:265:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.selectString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:301:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.unpostString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:332:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.kbdSelectString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:436:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(strlen(new->menu_mgr.postString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:478:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.selectString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:520:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.unpostString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/MenuMgr.c:564:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->menu_mgr.kbdSelectString) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:348:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->popup_mgr.postAccelerator) > 0) && data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:368:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->popup_mgr.postAccelerator) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:475:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(new->popup_mgr.postAccelerator) > 0)) data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:608:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy (workTemplate, "!"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:638:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (workTemplate, "!"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:642:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (workTemplate, ")"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:660:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (workTemplate, "!"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:664:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (workTemplate, ")"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:690:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (workTemplate, "!"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:1124:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy (workTemplate, "!"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:1131:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (workTemplate, ")"); data/xcircuit-3.9.73+dfsg.1/Xw/PopupMgr.c:3615:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy (workSpace, "!"); data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:714:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). end = (*(ctx->text.source->read))(ctx->text.source, left, &text, data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:717:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(target, text.ptr, n); data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:719:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nend = (*(ctx->text.source->read))(ctx->text.source, end, &text, data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:724:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tempResult, text.ptr, n); data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.c:993:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((text.length = read(fid, buf, 512)) > 0) { data/xcircuit-3.9.73+dfsg.1/Xw/TextEdit.h:81:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
int (*read)(); data/xcircuit-3.9.73+dfsg.1/Xw/XwP.h:37:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define XwStrlen(s) ((s) ? strlen(s) : 0) data/xcircuit-3.9.73+dfsg.1/Xw/sub.c:91:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (*(ctx->text.source->read)) (ctx->text.source, data/xcircuit-3.9.73+dfsg.1/Xw/sub.c:470:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newtxtblk.ptr, text->ptr, text->length); data/xcircuit-3.9.73+dfsg.1/elements.c:482:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(_STR2, "| ", cleft); data/xcircuit-3.9.73+dfsg.1/elements.c:488:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cleft -= strlen(_STR); data/xcircuit-3.9.73+dfsg.1/elements.c:489:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(_STR2, _STR, cleft); data/xcircuit-3.9.73+dfsg.1/elements.c:490:10: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. 
strncat(_STR2, " ", --cleft); data/xcircuit-3.9.73+dfsg.1/elements.c:563:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(strptr->data.string + curloc + 1) + 1); data/xcircuit-3.9.73+dfsg.1/elements.c:564:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(strptr->data.string) == 0) data/xcircuit-3.9.73+dfsg.1/elements.c:692:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(libobj->name) + 1) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/elements.c:923:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newpart->data.string = (char *)malloc(1 + strlen(clientdata)); data/xcircuit-3.9.73+dfsg.1/elements.c:973:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(lastpos->data.string); data/xcircuit-3.9.73+dfsg.1/elements.c:982:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 2 + strlen(curpos->data.string)); data/xcircuit-3.9.73+dfsg.1/elements.c:984:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(curpos->data.string + locpos) + 1); data/xcircuit-3.9.73+dfsg.1/events.c:502:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(pageobj->name) + 1) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/events.c:2762:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr = _STR + strlen(_STR); data/xcircuit-3.9.73+dfsg.1/events.c:2775:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr = _STR + strlen(_STR); data/xcircuit-3.9.73+dfsg.1/events.c:2793:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr = _STR + strlen(_STR); data/xcircuit-3.9.73+dfsg.1/events.c:2809:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr = _STR + strlen(_STR); data/xcircuit-3.9.73+dfsg.1/events.c:4465:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). swidth2 = XTextWidth(appdata.xcfont, editstr, strlen(editstr)); data/xcircuit-3.9.73+dfsg.1/events.c:4466:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
swidth = XTextWidth(appdata.xcfont, tmpname, strlen(tmpname)); data/xcircuit-3.9.73+dfsg.1/events.c:4472:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). swidth = XTextWidth(appdata.xcfont, sptr, strlen(sptr)); data/xcircuit-3.9.73+dfsg.1/events.c:4519:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pptr = (char *)malloc(strlen((*libobj)->name) + 3); data/xcircuit-3.9.73+dfsg.1/events.c:4525:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pptr = (char *)malloc(strlen((*libobj)->name) + 2); data/xcircuit-3.9.73+dfsg.1/events.c:4527:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pptr = (char *)realloc(pptr, strlen((*libobj)->name) + 2); data/xcircuit-3.9.73+dfsg.1/events.c:4544:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pptr = (char *)malloc(strlen(sref->alias) + 2); data/xcircuit-3.9.73+dfsg.1/events.c:4546:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pptr = (char *)realloc(pptr, strlen(sref->alias) + 2); data/xcircuit-3.9.73+dfsg.1/events.c:4572:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(newobj->name) == 0) { data/xcircuit-3.9.73+dfsg.1/events.c:4587:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newobj->name, pptr, 79); data/xcircuit-3.9.73+dfsg.1/filelist.c:129:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(files[filenum].filename)); data/xcircuit-3.9.73+dfsg.1/filelist.c:210:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)malloc(1 + strlen(tpos)); data/xcircuit-3.9.73+dfsg.1/filelist.c:216:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(retstr); data/xcircuit-3.9.73+dfsg.1/filelist.c:217:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)realloc(retstr, 4 + slen + strlen(tpos)); data/xcircuit-3.9.73+dfsg.1/filelist.c:238:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(_STR2) == 0) { data/xcircuit-3.9.73+dfsg.1/filelist.c:268:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snptr = _STR + strlen(xobjs.tempdir) + 1; data/xcircuit-3.9.73+dfsg.1/filelist.c:347:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
extlen = strlen(dotptr); data/xcircuit-3.9.73+dfsg.1/filelist.c:459:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[flfiles].filename = (char *) malloc ((strlen(dp->d_name) + data/xcircuit-3.9.73+dfsg.1/filelist.c:463:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(files[flfiles].filename, "/"); data/xcircuit-3.9.73+dfsg.1/filelist.c:501:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[n].filename, strlen(files[n].filename)); data/xcircuit-3.9.73+dfsg.1/filelist.c:615:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). files[filenum].filename, strlen(files[filenum].filename)); data/xcircuit-3.9.73+dfsg.1/filelist.c:624:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tbuf = (char *)malloc((strlen(ebuf) + data/xcircuit-3.9.73+dfsg.1/filelist.c:625:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(files[filenum].filename) + 6) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/filelist.c:629:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen(files[filenum].filename) + 5) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/filelist.c:636:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tbuf[strlen(tbuf) - 1] != '/') strcat(tbuf, ","); data/xcircuit-3.9.73+dfsg.1/filelist.c:636:45: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (tbuf[strlen(tbuf) - 1] != '/') strcat(tbuf, ","); data/xcircuit-3.9.73+dfsg.1/filelist.c:641:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tbuf = (char *)realloc(tbuf, (strlen(cwdname) + data/xcircuit-3.9.73+dfsg.1/filelist.c:642:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(files[filenum].filename) + 5) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/filelist.c:671:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cwdname = (char *)realloc(cwdname, (strlen(cwdname) + data/xcircuit-3.9.73+dfsg.1/filelist.c:677:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cwdname = (char *)realloc(cwdname, (strlen(cwdname) + data/xcircuit-3.9.73+dfsg.1/filelist.c:678:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(files[filenum].filename) + 1) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/filelist.c:854:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wwidth = XTextWidth(appdata.xcfont, "filter", strlen("filter")); data/xcircuit-3.9.73+dfsg.1/filelist.c:887:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(lstring); data/xcircuit-3.9.73+dfsg.1/filelist.c:891:37: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (lstring[slen - 1] != '/') strcat(lstring, "/"); data/xcircuit-3.9.73+dfsg.1/files.c:202:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ssize = strlen(teststring); data/xcircuit-3.9.73+dfsg.1/files.c:724:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, stptr, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:762:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, stptr, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:796:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dostcount (ps, stptr, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:852:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). promptstr = (char *)malloc(18 + ((cfile == NULL) ? 9 : strlen(cfile))); data/xcircuit-3.9.73+dfsg.1/files.c:858:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). promptstr = (char *)malloc(18 + strlen(loadmodes[idx].prompt)); data/xcircuit-3.9.73+dfsg.1/files.c:893:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). expanded = (char *)malloc(strlen(username) + data/xcircuit-3.9.73+dfsg.1/files.c:894:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filename)); data/xcircuit-3.9.73+dfsg.1/files.c:897:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, expanded, nchars); data/xcircuit-3.9.73+dfsg.1/files.c:933:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). expanded = (char *)malloc(strlen(varsub) + strlen(filename) + data/xcircuit-3.9.73+dfsg.1/files.c:933:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
expanded = (char *)malloc(strlen(varsub) + strlen(filename) + data/xcircuit-3.9.73+dfsg.1/files.c:934:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(sptr + 1) + 2); data/xcircuit-3.9.73+dfsg.1/files.c:939:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, expanded, nchars); data/xcircuit-3.9.73+dfsg.1/files.c:959:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(filename, "%249s", expname); data/xcircuit-3.9.73+dfsg.1/files.c:972:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (cptr == NULL) ? strlen(sptr) : (int)(cptr - sptr); data/xcircuit-3.9.73+dfsg.1/files.c:975:27: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (*(iptr - 1) != '/') strcpy(iptr++, "/"); data/xcircuit-3.9.73+dfsg.1/files.c:985:9: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(inname, ".", 249); data/xcircuit-3.9.73+dfsg.1/files.c:986:13: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. 
strncat(inname, suffix, 249); data/xcircuit-3.9.73+dfsg.1/files.c:1003:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (name_return) strncpy(name_return, inname, nchars); data/xcircuit-3.9.73+dfsg.1/files.c:1187:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove((void *)baseobj->name, (const void *)sptr, strlen(sptr) + 1); data/xcircuit-3.9.73+dfsg.1/files.c:1205:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(libname, "%149s", expname); data/xcircuit-3.9.73+dfsg.1/files.c:1219:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = (cptr == NULL) ? strlen(sptr) : (int)(cptr - sptr); data/xcircuit-3.9.73+dfsg.1/files.c:1222:27: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (*(iptr - 1) != '/') strcpy(iptr++, "/"); data/xcircuit-3.9.73+dfsg.1/files.c:1229:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(inname, suffix, 149); data/xcircuit-3.9.73+dfsg.1/files.c:1274:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
if (name_return) strncpy(name_return, inname, nchars); data/xcircuit-3.9.73+dfsg.1/files.c:1304:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int deftechlen = (defaulttech == NULL) ? 0 : strlen(defaulttech->technology); data/xcircuit-3.9.73+dfsg.1/files.c:1305:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullname = (char *)malloc(deftechlen + strlen(objname) + 3); data/xcircuit-3.9.73+dfsg.1/files.c:1417:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tptr += strlen(keyword) + 1; data/xcircuit-3.9.73+dfsg.1/files.c:1744:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%c %29s", &percentc, keyword); data/xcircuit-3.9.73+dfsg.1/files.c:1910:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(_STR, "%149s", inname); data/xcircuit-3.9.73+dfsg.1/files.c:1932:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). pch = getc(ps); data/xcircuit-3.9.73+dfsg.1/files.c:1958:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(_STR, "%149s", inname); data/xcircuit-3.9.73+dfsg.1/files.c:2039:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
else if (!strcmp(inname + strlen(inname) - 4, ".lps")) { data/xcircuit-3.9.73+dfsg.1/files.c:2117:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%c%29s", &percentc, keyword); data/xcircuit-3.9.73+dfsg.1/files.c:2176:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp + 8, "%99s", pagestr); data/xcircuit-3.9.73+dfsg.1/files.c:2267:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*c %49s", teststr); data/xcircuit-3.9.73+dfsg.1/files.c:2275:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*c %49s", teststr); data/xcircuit-3.9.73+dfsg.1/files.c:2289:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%f %49s", &tmpfl, teststr); data/xcircuit-3.9.73+dfsg.1/files.c:2304:16: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%f %19s", &tmpfl, teststr2); data/xcircuit-3.9.73+dfsg.1/files.c:2317:12: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(temp, "%*f %*f %19s", teststr2); data/xcircuit-3.9.73+dfsg.1/files.c:2328:16: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*f %*s %19s", teststr2); data/xcircuit-3.9.73+dfsg.1/files.c:2352:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = (char *)malloc(strlen(buffer) + 150); data/xcircuit-3.9.73+dfsg.1/files.c:2356:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = (char *)realloc(buffer, strlen(buffer) + 150); data/xcircuit-3.9.73+dfsg.1/files.c:2385:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(inname, temp + 2, (int)(fstop - temp - 3)); data/xcircuit-3.9.73+dfsg.1/files.c:2765:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newpart->data.string = (u_char *)malloc(1 + strlen(++segptr)); data/xcircuit-3.9.73+dfsg.1/files.c:2768:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parse_ps_string(segptr, newpart->data.string, strlen(segptr), TRUE, TRUE); data/xcircuit-3.9.73+dfsg.1/files.c:2778:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(key) > 0) { data/xcircuit-3.9.73+dfsg.1/files.c:2780:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newpart->data.string = (char *)malloc(1 + strlen(key)); data/xcircuit-3.9.73+dfsg.1/files.c:2867:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newops->key = (char *)malloc(1 + strlen(paramkey)); data/xcircuit-3.9.73+dfsg.1/files.c:2995:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(arrayptr + 1, libobj->name, strlen(libobj->name)) && data/xcircuit-3.9.73+dfsg.1/files.c:2996:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcmp(arrayptr + strlen(libobj->name) + 1, ")")) data/xcircuit-3.9.73+dfsg.1/files.c:3324:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int deftechlen = (defaulttech == NULL) ? 0 : strlen(defaulttech->technology); data/xcircuit-3.9.73+dfsg.1/files.c:3325:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullname = (char *)malloc(deftechlen + strlen(name) + 3); data/xcircuit-3.9.73+dfsg.1/files.c:3692:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(keyptr, "%79s", keyword); data/xcircuit-3.9.73+dfsg.1/files.c:3695:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retstr, buffer, 150); data/xcircuit-3.9.73+dfsg.1/files.c:4358:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(img->filename, lineptr, strlen(img->filename))) { data/xcircuit-3.9.73+dfsg.1/files.c:4369:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineptr += strlen(img->filename) + 1; data/xcircuit-3.9.73+dfsg.1/files.c:4417:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(buffer, "%f %*c%99s", &tmpscale, tmpstring); data/xcircuit-3.9.73+dfsg.1/files.c:4593:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retstr, buffer, 150); data/xcircuit-3.9.73+dfsg.1/files.c:4604:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retstr, buffer, 150); data/xcircuit-3.9.73+dfsg.1/files.c:4614:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf (lineptr + 1, "%149s", _STR); data/xcircuit-3.9.73+dfsg.1/files.c:4623:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf (++lineptr, "%149s", _STR); data/xcircuit-3.9.73+dfsg.1/files.c:4727:19: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retstr, buffer, 150); data/xcircuit-3.9.73+dfsg.1/files.c:4866:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(retstr, buffer, 150); data/xcircuit-3.9.73+dfsg.1/files.c:5017:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *template = (char *)malloc(20 + strlen(xobjs.tempdir)); data/xcircuit-3.9.73+dfsg.1/files.c:5093:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(_STR2, "%249s", outname); data/xcircuit-3.9.73+dfsg.1/files.c:5616:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stcount += strlen(fonts[i].psname) + 1; data/xcircuit-3.9.73+dfsg.1/files.c:5618:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stcount = strlen(fonts[i].psname) + 11; data/xcircuit-3.9.73+dfsg.1/files.c:6089:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, stcount, strlen(ostr[i])); data/xcircuit-3.9.73+dfsg.1/files.c:6149:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. 
sprintf(_STR, ""); data/xcircuit-3.9.73+dfsg.1/files.c:6186:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(_STR, "{"); data/xcircuit-3.9.73+dfsg.1/files.c:6206:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)malloc(1 + strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6268:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(validkey) + 2); data/xcircuit-3.9.73+dfsg.1/files.c:6274:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, 3 + strlen(ps_expr)); data/xcircuit-3.9.73+dfsg.1/files.c:6285:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, 1 + strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6294:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, 1 + strlen(ps_expr)); data/xcircuit-3.9.73+dfsg.1/files.c:6302:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dostcount(ps, &stcount, 7 + strlen(ops->parameter.expr)); data/xcircuit-3.9.73+dfsg.1/files.c:6319:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6324:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6360:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &loccount, strlen(validref + 3)); data/xcircuit-3.9.73+dfsg.1/files.c:6362:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &loccount, strlen(epp->key + 1)); data/xcircuit-3.9.73+dfsg.1/files.c:6417:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &loccount, strlen(validref) + 2); data/xcircuit-3.9.73+dfsg.1/files.c:6432:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &loccount, 3 + strlen(ps_expr)); data/xcircuit-3.9.73+dfsg.1/files.c:6446:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dostcount(ps, &loccount, 3 + strlen(ops->parameter.expr)); data/xcircuit-3.9.73+dfsg.1/files.c:6460:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &loccount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6465:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &loccount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6577:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6582:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6588:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6592:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6610:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6616:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6630:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6635:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6641:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6645:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6655:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6661:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6687:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6693:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount (ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6760:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stcount += (2 + strlen(fptr)); data/xcircuit-3.9.73+dfsg.1/files.c:6788:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/files.c:6808:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostcount(ps, &stcount, strlen(_STR)); data/xcircuit-3.9.73+dfsg.1/fontfile.c:74:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(_STR); i++) { data/xcircuit-3.9.73+dfsg.1/fontfile.c:97:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tempname, fontname, 99); data/xcircuit-3.9.73+dfsg.1/fontfile.c:123:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). psname = (char *)malloc((1 + strlen(fontname)) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/fontfile.c:183:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(temp, "%29s", commandstr); data/xcircuit-3.9.73+dfsg.1/fontfile.c:191:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:204:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). psname = (char *)malloc((1 + strlen(tempname)) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/fontfile.c:210:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %149s", _STR); data/xcircuit-3.9.73+dfsg.1/fontfile.c:222:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:223:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). family = (char *)malloc((1 + strlen(tempname)) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/fontfile.c:228:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:235:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:247:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:260:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:261:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). psname2 = (char *)malloc((1 + strlen(tempname)) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/fontfile.c:268:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:274:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %*s %*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:279:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp, "%*s %*s %*s %*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:309:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
sscanf(temp, "%*s %99s", tempname); data/xcircuit-3.9.73+dfsg.1/fontfile.c:379:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(temp2, "%99s", tempname); data/xcircuit-3.9.73+dfsg.1/formats.c:67:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(_STR, "%149s", inname); data/xcircuit-3.9.73+dfsg.1/formats.c:134:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xobjs.pagelist[areawin->page]->filename, (strlen(inname) + 1) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/formats.c:191:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(lineptr, "%hd %249s", &signets[i], tmpstring); data/xcircuit-3.9.73+dfsg.1/formats.c:193:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). signals[i] = (char *)malloc((strlen(tmpstring) + 1) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/formats.c:243:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strptr->data.string = (char *)malloc(1 + strlen(tstrp)); data/xcircuit-3.9.73+dfsg.1/formats.c:436:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strptr->data.string = (char *)malloc(1 + strlen(signals[k])); data/xcircuit-3.9.73+dfsg.1/formats.c:545:4: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(_STR, "%149s", inname); data/xcircuit-3.9.73+dfsg.1/formats.c:620:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(keyptr, "%29s", keyword); data/xcircuit-3.9.73+dfsg.1/formats.c:636:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(bb, "%4s", &colorstr[matcolors]); data/xcircuit-3.9.73+dfsg.1/functions.c:2963:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((dotptr = strchr(filename + strlen(filename) - 4, '.')) == NULL) { data/xcircuit-3.9.73+dfsg.1/functions.c:2964:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dotptr = filename + strlen(filename); data/xcircuit-3.9.73+dfsg.1/help.c:217:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). htmp = XTextWidth(appdata.helpfont, helptext[i].text, strlen(helptext[i].text)); data/xcircuit-3.9.73+dfsg.1/help.c:220:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
XTextExtents(appdata.helpfont, helptext[i].text, strlen(helptext[i].text), data/xcircuit-3.9.73+dfsg.1/help.c:237:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). htmp = XTextWidth(appdata.helpfont, bptr, strlen(bptr)); data/xcircuit-3.9.73+dfsg.1/help.c:240:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XTextExtents(appdata.helpfont, bptr, strlen(bptr), data/xcircuit-3.9.73+dfsg.1/help.c:251:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XTextExtents(appdata.helpfont, helptitle, strlen(helptitle), &dum, &t1, data/xcircuit-3.9.73+dfsg.1/help.c:269:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). helptitle, strlen(helptitle))) >> 1, t1 + 2, helptitle, strlen(helptitle)); data/xcircuit-3.9.73+dfsg.1/help.c:269:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). helptitle, strlen(helptitle))) >> 1, t1 + 2, helptitle, strlen(helptitle)); data/xcircuit-3.9.73+dfsg.1/help.c:277:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(helptext[i].text)); data/xcircuit-3.9.73+dfsg.1/help.c:287:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
XDrawString(dpy, helppix, hgc, 7 + mwidth, vtmp, bptr, strlen(bptr)); data/xcircuit-3.9.73+dfsg.1/keybindings.c:229:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(funcstring, function_names[i], strlen(function_names[i]))) { data/xcircuit-3.9.73+dfsg.1/keybindings.c:230:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sscanf(funcstring + strlen(function_names[i]), "%hd", value); data/xcircuit-3.9.73+dfsg.1/keybindings.c:337:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)realloc(retstr, strlen(retstr) + strlen(tmpstr) + data/xcircuit-3.9.73+dfsg.1/keybindings.c:337:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)realloc(retstr, strlen(retstr) + strlen(tmpstr) + data/xcircuit-3.9.73+dfsg.1/keybindings.c:372:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)realloc(retstr, strlen(retstr) + strlen(tmpstr) + data/xcircuit-3.9.73+dfsg.1/keybindings.c:372:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retstr = (char *)realloc(retstr, strlen(retstr) + strlen(tmpstr) + data/xcircuit-3.9.73+dfsg.1/keybindings.c:444:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
kptr = (char *)realloc(kptr, strlen(str) + 33); data/xcircuit-3.9.73+dfsg.1/keybindings.c:480:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_STR2, "="); data/xcircuit-3.9.73+dfsg.1/keybindings.c:487:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_STR2, "="); data/xcircuit-3.9.73+dfsg.1/keybindings.c:494:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_STR2, "="); data/xcircuit-3.9.73+dfsg.1/keybindings.c:501:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_STR2, "="); data/xcircuit-3.9.73+dfsg.1/libraries.c:649:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strptr->data.string = (char *) malloc(1 + strlen(libobj->name)); data/xcircuit-3.9.73+dfsg.1/menucalls.c:310:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
if (sscanf(strptr, "%f %11s", &pv, units) < 2) data/xcircuit-3.9.73+dfsg.1/menucalls.c:341:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(_STR2, "%f %*c %f %9s", &px, &py, units) < 4) { data/xcircuit-3.9.73+dfsg.1/menucalls.c:350:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(expos + 1, "%f %9s", &py, units) == 0) { data/xcircuit-3.9.73+dfsg.1/menucalls.c:842:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pname = (char *)malloc(28 + strlen(plabel)); data/xcircuit-3.9.73+dfsg.1/menudep.c:50:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *newptr = (char *)malloc((strlen(textin) + 1) * sizeof(char)); data/xcircuit-3.9.73+dfsg.1/menudep.c:82:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(n2) == 0) data/xcircuit-3.9.73+dfsg.1/netlist.c:298:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(callinst->thisobject->name) : strlen(calls->devname); data/xcircuit-3.9.73+dfsg.1/netlist.c:298:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(callinst->thisobject->name) : strlen(calls->devname); data/xcircuit-3.9.73+dfsg.1/netlist.c:300:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). devlen += strlen(devstr) + 1; data/xcircuit-3.9.73+dfsg.1/netlist.c:306:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hierlen = strlen(*hierstr) + 2; data/xcircuit-3.9.73+dfsg.1/netlist.c:1790:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strptr->data.string = (char *)malloc(strlen(pinstring)); data/xcircuit-3.9.73+dfsg.1/netlist.c:3083:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newtext = (char *)malloc(1 + strlen(snew) + strlen(prefix)); data/xcircuit-3.9.73+dfsg.1/netlist.c:3083:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newtext = (char *)malloc(1 + strlen(snew) + strlen(prefix)); data/xcircuit-3.9.73+dfsg.1/netlist.c:3492:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(modeptr->alias, strptr->data.string, locpos); data/xcircuit-3.9.73+dfsg.1/netlist.c:3538:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  strptr = findstringpart(strlen(mode), &locpos, plabel->string, cinst);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3666:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(sout, strt, fnsh - strt);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3772:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3773:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(sout, "%");
data/xcircuit-3.9.73+dfsg.1/netlist.c:3776:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3777:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(sout, "\n");
data/xcircuit-3.9.73+dfsg.1/netlist.c:3780:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3781:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(sout, "\t");
data/xcircuit-3.9.73+dfsg.1/netlist.c:3792:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + strlen(b36str) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3792:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + strlen(b36str) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3793:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(sout + strlen(sout), "%s", b36str);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3797:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout)
data/xcircuit-3.9.73+dfsg.1/netlist.c:3798:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(cschem->name) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3807:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout)
data/xcircuit-3.9.73+dfsg.1/netlist.c:3808:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(sptr) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3812:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 7);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3813:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(sout + strlen(sout), "%d",
data/xcircuit-3.9.73+dfsg.1/netlist.c:3817:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 7);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3818:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(sout + strlen(sout), "%d",
data/xcircuit-3.9.73+dfsg.1/netlist.c:3859:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_STR, strt, (int)(fnsh - strt));
data/xcircuit-3.9.73+dfsg.1/netlist.c:3882:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int stlen = strlen(sout);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3884:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nlen = strlen(_STR);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3910:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_STR2, strt, (int)(fnsh - strt));
data/xcircuit-3.9.73+dfsg.1/netlist.c:3954:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) +
data/xcircuit-3.9.73+dfsg.1/netlist.c:3955:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(snew) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:3980:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(_STR, strt, (int)(fnsh - strt));
data/xcircuit-3.9.73+dfsg.1/netlist.c:4002:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout)
data/xcircuit-3.9.73+dfsg.1/netlist.c:4003:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(snew) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4027:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4028:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(sout + strlen(sout) - 1) = *strt;
data/xcircuit-3.9.73+dfsg.1/netlist.c:4029:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(sout + strlen(sout)) = '\0';
data/xcircuit-3.9.73+dfsg.1/netlist.c:4046:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(sout);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4048:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + strlen(b36str) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4048:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + strlen(b36str) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4062:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(sout + k) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4082:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(sout);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4083:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout)
data/xcircuit-3.9.73+dfsg.1/netlist.c:4084:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(b36str) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4127:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stlen = strlen(sout);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4152:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4153:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(sout, "\n");
data/xcircuit-3.9.73+dfsg.1/netlist.c:4156:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4157:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(sout, "\t");
data/xcircuit-3.9.73+dfsg.1/netlist.c:4169:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = (char *)realloc(sout, strlen(sout) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4170:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(sout, "\n");
data/xcircuit-3.9.73+dfsg.1/netlist.c:4288:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  devlen = strlen(calls->devname);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4360:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newprefix = (char *)realloc(newprefix, sizeof(char) * (strlen(prefix)
data/xcircuit-3.9.73+dfsg.1/netlist.c:4361:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(_STR) + 2));
data/xcircuit-3.9.73+dfsg.1/netlist.c:4393:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modlen = strlen(mode);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4464:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = 9 + strlen(cschem->name);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4478:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  plen = strlen(pstring) + 1;
data/xcircuit-3.9.73+dfsg.1/netlist.c:4565:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  optr->data.string = (char *)realloc(optr->data.string, strlen(stmp) + 1);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4698:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modlen = strlen(mode);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4802:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  plen = strlen(pstring) + 1;
data/xcircuit-3.9.73+dfsg.1/netlist.c:4811:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  plen = 1 + strlen(stsave);
data/xcircuit-3.9.73+dfsg.1/netlist.c:4954:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(cschem->name)));
data/xcircuit-3.9.73+dfsg.1/netlist.c:4997:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(paramlist->key, strlen(paramlist->key)));
data/xcircuit-3.9.73+dfsg.1/netlist.c:5035:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(calls->callobj->name)));
data/xcircuit-3.9.73+dfsg.1/netlist.c:5045:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_NewStringObj(paramlist->key, strlen(paramlist->key)));
data/xcircuit-3.9.73+dfsg.1/netlist.c:5725:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newprefix = (char *)realloc(newprefix, sizeof(char) * (strlen(prefix)
data/xcircuit-3.9.73+dfsg.1/netlist.c:5726:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(_STR) + 2));
data/xcircuit-3.9.73+dfsg.1/netlist.c:5772:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmppinname = (char *)malloc(strlen(newprefix) + strlen(lhs) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:5772:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmppinname = (char *)malloc(strlen(newprefix) + strlen(lhs) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:5774:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tmplen = strlen(newprefix)) > 0) tmppinname[tmplen - 1] = '-';
data/xcircuit-3.9.73+dfsg.1/netlist.c:5947:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpstr->string->data.string = (char *)malloc(strlen(newprefix)
data/xcircuit-3.9.73+dfsg.1/netlist.c:5948:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(snew) + 2);
data/xcircuit-3.9.73+dfsg.1/netlist.c:5951:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((tmplen = strlen(newprefix)) > 0)
data/xcircuit-3.9.73+dfsg.1/ngspice.c:221:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int tlen = strlen(text);
data/xcircuit-3.9.73+dfsg.1/ngspice.c:283:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  numc = read(pipeRead, bufptr, RECV_BUFSIZE - 1);
data/xcircuit-3.9.73+dfsg.1/parameter.c:138:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newops->key = (char *)malloc(1 + strlen(key));
data/xcircuit-3.9.73+dfsg.1/parameter.c:153:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newepp->key = (char *)malloc(1 + strlen(key));
data/xcircuit-3.9.73+dfsg.1/parameter.c:2110:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr += strlen(sptr);
data/xcircuit-3.9.73+dfsg.1/parameter.c:2209:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  begpart->data.string = (char *)malloc(1 + strlen(newkey));
data/xcircuit-3.9.73+dfsg.1/pp.c:104:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(buffer2, c + strlen(p->pattern) + 1);
data/xcircuit-3.9.73+dfsg.1/pp.c:114:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcat(buffer2, c + strlen(p->pattern));
data/xcircuit-3.9.73+dfsg.1/python.c:137:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(_STR2) == 0)
data/xcircuit-3.9.73+dfsg.1/python.c:1632:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  funcname = malloc(strlen(func_to_string(ksearch->function)) + 5);
data/xcircuit-3.9.73+dfsg.1/python.c:1706:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep((int)(1e6 * delay));
data/xcircuit-3.9.73+dfsg.1/rcfile.c:97:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%149s", _STR);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:132:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%49s", value);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:152:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(argptr, "%249s %d", _STR, &pageno) >= 1) {
data/xcircuit-3.9.73+dfsg.1/rcfile.c:174:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(argptr, "%149s %d", _STR, &libnum) == 1)
data/xcircuit-3.9.73+dfsg.1/rcfile.c:195:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(argptr, "%149s", _STR) == 1)
data/xcircuit-3.9.73+dfsg.1/rcfile.c:204:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%249s", _STR2);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:218:19: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if ((args = sscanf(argptr, "%149s", _STR)) == 1) {
data/xcircuit-3.9.73+dfsg.1/rcfile.c:237:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr = argptr + strlen(_STR);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:251:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%149s %249s", _STR, _STR2);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:258:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%49s", type);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:267:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep((int)(1e6 * dval));
data/xcircuit-3.9.73+dfsg.1/rcfile.c:300:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%*s %49s", value);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:312:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%*s %49s", value);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:325:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%*s %49s", value);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:331:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%*s %49s", value);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:340:3: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr, "%*s %49s", value);
data/xcircuit-3.9.73+dfsg.1/rcfile.c:348:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(argptr + 4, "%*s %49s", value);
data/xcircuit-3.9.73+dfsg.1/render.c:109:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _STR, strlen(_STR));
data/xcircuit-3.9.73+dfsg.1/render.c:112:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _STR, strlen(_STR));
data/xcircuit-3.9.73+dfsg.1/render.c:493:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *file_in = (char *)malloc(9 + strlen(xobjs.tempdir));
data/xcircuit-3.9.73+dfsg.1/render.c:566:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (char *) malloc(strlen(gsfile) + 1);
data/xcircuit-3.9.73+dfsg.1/render.c:594:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(fgs[1], text, strlen(text));
data/xcircuit-3.9.73+dfsg.1/render.c:597:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _write(fgs[1], text, (unsigned int)strlen(text));
data/xcircuit-3.9.73+dfsg.1/schema.c:321:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr = _STR2 + strlen(_STR2);
data/xcircuit-3.9.73+dfsg.1/schema.c:329:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr += strlen(snew) + 1;
data/xcircuit-3.9.73+dfsg.1/schema.c:337:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Tcl_SetObjResult(xcinterp, Tcl_NewStringObj(snew, strlen(snew)));
data/xcircuit-3.9.73+dfsg.1/spiceparser/equations.c:271:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p=alloca(strlen(top->str)+sizeof(top->unget)+16);
data/xcircuit-3.9.73+dfsg.1/spiceparser/names.c:36:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int q=strlen(str);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:418:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ep->sym,sym,8);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist.c:626:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(name)-8;
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_extract.c:304:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(gn->special);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:842:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nnp=nn+strlen(nn);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:858:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nnp=nn+strlen(nn);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:892:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(line)-1;
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_lib.c:981:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(memcmp(line,nlib_flatdb_ver,strlen(nlib_flatdb_ver))!=0)return -1;
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:101:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pc=malloc(sizeof(callparam_t)+strlen(str));
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:115:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(str)+1;
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:144:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(str)+1;
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:379:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(name) + 2);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:422:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p= ((char *)p+strlen(name)+2);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:910:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(str);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:921:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(c);
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:953:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(str)+1;
data/xcircuit-3.9.73+dfsg.1/spiceparser/netlist_spice.c:1206:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  findpc=hash_find(h1,callp->str-sizeof(paramload_t),strlen(callp->str)+sizeof(paramload_t)+1);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:79:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp+=strlen(bp);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:84:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp+=strlen(bp);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:86:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp+=strlen(bp);
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:87:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(bp,"\n");
data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:88:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp+=strlen(bp); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:407:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lc=strlen(def->eol_continue); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:508:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { scan->sectp->line_cont=1; lp+=strlen(def->bol_continue); } data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:513:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l=strlen(lp); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:709:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(spicedef.eol_continue,"\\"); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:710:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(spicedef.bol_continue,"+"); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:715:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(spicedef.tokenize,"."); data/xcircuit-3.9.73+dfsg.1/spiceparser/scanner.c:717:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(spicedef.commentstart,"*"); data/xcircuit-3.9.73+dfsg.1/svg.c:1146:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strcmp(filename + strlen(filename) - 3, "svg")) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:130:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = 1 + strlen(s); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:176:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bigstr, outptr, 24); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:191:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(finalstr, outptr, 24); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:302:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substcmd = (char *)Tcl_Alloc(strlen(postcmd) + 1); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:329:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)Tcl_Alloc(strlen(substcmd)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:331:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + strlen(tkpath)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:331:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)Tcl_Alloc(strlen(substcmd) + strlen(tkpath)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:351:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)Tcl_Alloc(strlen(substcmd) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:352:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(sres) + 1); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:363:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)Tcl_Alloc(strlen(substcmd) + 3); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:377:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)Tcl_Alloc(strlen(substcmd) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:378:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(Tcl_GetString(objv[objidx])) + 1); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:389:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + 1); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:402:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen += (1 + strlen(Tcl_GetString(objv[i]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:403:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)Tcl_Alloc(strlen(substcmd) + llen); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:405:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(newcmd + (int)(sptr - substcmd), "{"); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:409:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newcmd, " "); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:411:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newcmd, "}"); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:419:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newcmd = (char *)Tcl_Alloc(strlen(substcmd) + 1); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:537:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Tcl_GetString(objv[2])) == 0) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:664:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(strptr->data.string))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:672:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(strptr->data.string))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:684:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fonts[strptr->data.font].psname))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:851:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(newpart->data.string) + strlen(Tcl_GetString(tobj)) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:851:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(newpart->data.string) + strlen(Tcl_GetString(tobj)) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:853:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(newpart->data.string, " "); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:1525:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mode = (char *)malloc(5 + strlen(Tcl_GetString(objv[2]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:1824:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(prefix); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:1827:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(prefix, "/"); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:2500:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(colorname) == 0) return TCL_ERROR; data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:2852:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). robj = Tcl_NewStringObj(refkey, strlen(refkey)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:2863:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ops->parameter.expr)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3087:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(param_types[ops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3095:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(instops->key, strlen(instops->key))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3103:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(param_types[instops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3119:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(param_types[instops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3135:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(ops->key, strlen(ops->key))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3143:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(param_types[ops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3157:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(ops->key, strlen(ops->key))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3166:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(param_types[ops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3175:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(ops->key, strlen(ops->key))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3182:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(param_types[ops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3198:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(ops->key, strlen(ops->key))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3206:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(param_types[ops->which]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3278:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(ops->key, strlen(ops->key))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:3910:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(thisinst->thisobject->name))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4230:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
objPtr = Tcl_NewStringObj(tmpstr, strlen(tmpstr)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4263:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objPtr = Tcl_NewStringObj(tmpstr, strlen(tmpstr)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4404:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(substring); i++) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:4554:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(tstr, strlen(tstr))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6100:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objPtr = Tcl_NewStringObj(etypes[idx2], strlen(etypes[idx2])); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6612:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_SetObjResult(interp, Tcl_NewStringObj(buffer, strlen(buffer))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6636:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_SetObjResult(interp, Tcl_NewStringObj(buffer, strlen(buffer))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6662:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(boxsubCmds[idx]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6692:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pathsubCmds[idx]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6838:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(coordsubCmds[idx]))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:6998:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmpstr) > 0) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7183:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((strlen(xobjs.pagelist[j]->filename) > 0) && data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7184:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strcmp(file_return + strlen(file_return) - 3, ".ps") data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7186:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(file_return) - 3)) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7384:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(_STR2, ","); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7447:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(_STR2, ","); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7458:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(curpage->background.name)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7616:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > 0) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7890:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objPtr = Tcl_NewStringObj(pageobj->name, strlen(pageobj->name)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7898:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(_STR2); i++) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7906:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(_STR2) == 0) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7930:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
objPtr = Tcl_NewStringObj(oldstr, strlen(oldstr)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7938:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(newstr) > 0) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7942:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). astr = malloc(strlen(newstr) + 4); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7953:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(newstr) == 0) { /* empty string */ data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7969:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(curpage->filename) > 0) && (multi > 1)) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:7986:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(curpage->filename) > 0) && (multi <= 1)) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8134:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(nsptr->technology))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8162:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(strlen(nsptr->technology) == 0)) continue; data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8166:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(nsptr->technology))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8221:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). technamelen = (usertech) ? 0 : strlen(technology); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8235:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objnamelen = strlen(libobj->name); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8237:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). libobj->name, (size_t)strlen(libobj->name)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8242:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objnamelen = strlen(cptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8244:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr + 2, (size_t)strlen(cptr + 2)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8258:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
objnamelen = strlen(libobj->name); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8260:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). libobj->name, (size_t)strlen(libobj->name)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8265:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objnamelen = strlen(cptr + 2); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8267:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr + 2, (size_t)strlen(cptr + 2)); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8293:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(libobjname, strlen(libobjname))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8434:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_SetObjResult(interp, Tcl_NewStringObj(lname, strlen(lname))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8564:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(libobj->name, strlen(libobj->name))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8642:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
Tcl_NewStringObj(libobj->name, strlen(libobj->name))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8706:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Tcl_NewStringObj(commandname, strlen(commandname))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8788:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(commandname) == 0) data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:8854:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(fonts[fontcount - 1].family))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9086:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newexpr = (char *)malloc(1 + strlen(exprptr) + data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9087:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (max(strlen(promoted), strlen(pkey)))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9087:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (max(strlen(promoted), strlen(pkey)))); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9092:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pnext = newexpr + strlen(newexpr); /* For next search of '@' escape */ data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:9565:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(curentry) > 0) { data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10173:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(tstr); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10181:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bigstr, tstr, size); data/xcircuit-3.9.73+dfsg.1/tclxcircuit.c:10234:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(format) > 0) { data/xcircuit-3.9.73+dfsg.1/text.c:195:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(newpart->data.string) - locpos; data/xcircuit-3.9.73+dfsg.1/text.c:197:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ipart->data.string, newpart->data.string + locpos, slen + 1); data/xcircuit-3.9.73+dfsg.1/text.c:352:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 1 + strlen(firststr->data.string) + strlen(nextstr->data.string)); data/xcircuit-3.9.73+dfsg.1/text.c:352:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
1 + strlen(firststr->data.string) + strlen(nextstr->data.string)); data/xcircuit-3.9.73+dfsg.1/text.c:528:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmplen = strlen(strptr->data.string); data/xcircuit-3.9.73+dfsg.1/text.c:580:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (locpos > (int) strlen(strptr->data.string)) { data/xcircuit-3.9.73+dfsg.1/text.c:623:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (locpos > (int) strlen(strptr->data.string)) { data/xcircuit-3.9.73+dfsg.1/text.c:659:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sout = (char *)realloc(sout, strlen(sout) + strlen(_STR) + 1); data/xcircuit-3.9.73+dfsg.1/text.c:659:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sout = (char *)realloc(sout, strlen(sout) + strlen(_STR) + 1); data/xcircuit-3.9.73+dfsg.1/text.c:664:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sout = (char *)realloc(sout, strlen(sout) + 2); data/xcircuit-3.9.73+dfsg.1/text.c:665:10: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
strcat(sout, "!"); data/xcircuit-3.9.73+dfsg.1/text.c:687:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sout = (char *)realloc(sout, strlen(sout) + strlen(_STR) + 1); data/xcircuit-3.9.73+dfsg.1/text.c:687:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sout = (char *)realloc(sout, strlen(sout) + strlen(_STR) + 1); data/xcircuit-3.9.73+dfsg.1/text.c:743:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substr = malloc(10 + strlen(newstr)); data/xcircuit-3.9.73+dfsg.1/text.c:773:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newstr = (char *)malloc(strlen(prefix) + 10); data/xcircuit-3.9.73+dfsg.1/text.c:777:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newstr = (char *)malloc(strlen(prefix) + 20 + 3 * sublist->subnets); data/xcircuit-3.9.73+dfsg.1/text.c:782:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr = newstr + strlen(newstr); data/xcircuit-3.9.73+dfsg.1/text.c:784:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
  strcat(sptr++, ",");
data/xcircuit-3.9.73+dfsg.1/text.c:787:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr = newstr + strlen(newstr);
data/xcircuit-3.9.73+dfsg.1/text.c:811:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t llen = strlen(text), slen;
data/xcircuit-3.9.73+dfsg.1/text.c:818:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = min(strlen(sptr), llen);
data/xcircuit-3.9.73+dfsg.1/text.c:1164:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int) strlen(strptr2->data.string) > bpos) {
data/xcircuit-3.9.73+dfsg.1/text.c:1241:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctotal += strlen(strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:1271:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newpart->data.string = (char *)malloc(1 + strlen(strptr->data.string));
data/xcircuit-3.9.73+dfsg.1/text.c:1298:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newpart->data.string = (char *)malloc(1 + strlen(strptr->data.string));
data/xcircuit-3.9.73+dfsg.1/text.c:1348:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newpart->data.string = (char *)malloc(1 + strlen(strptr->data.string));
data/xcircuit-3.9.73+dfsg.1/text.c:1794:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(textptr);
data/xcircuit-3.9.73+dfsg.1/text.c:1817:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  UDrawCharString(textptr, 0, strlen(textptr),
data/xcircuit-3.9.73+dfsg.1/text.c:1820:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos += strlen(textptr) - 1;
data/xcircuit-3.9.73+dfsg.1/text.c:2158:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strpos += strlen(strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:2199:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strpos += strlen(strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:2221:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:2260:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strpos += strlen(strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/text.c:2263:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strpos += strlen(strptr->data.string);
data/xcircuit-3.9.73+dfsg.1/w32x11.c:397:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, name, MAX_PATH);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:308:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (promptstr != NULL) slen += strlen(*promptstr);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:316:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen += strlen(thisobj->name) + 2;
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:337:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen += strlen(fname) + 2;
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:379:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  promptstr = (char *)realloc(promptstr, strlen(promptstr) + 15);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:382:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(promptstr, "\"");
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:784:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fromC.size = strlen(name);
data/xcircuit-3.9.73+dfsg.1/xcircuit.c:1253:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buffer);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:440:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buffer, name, MAX_PATH);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:2101:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(snum, str, 4); snum[4] = 0; str+=4;
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:2103:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(snum, str, 4); snum[4] = 0; str+=4;
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:2105:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(snum, str, 4); snum[4] = 0; str+=4;
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3196:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(_STR2, ".ps", 250);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3199:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(_STR2);
data/xcircuit-3.9.73+dfsg.1/xcwin32.c:3249:13: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = wcslen(wargv[i]);
data/xcircuit-3.9.73+dfsg.1/xcwin32.h:571:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  #define usleep(x) if (x < 1000) WinDebug("Cannot sleep less than 1us\n"); else Sleep(x/1000);
data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:837:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(_STR2); i++) {
data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:845:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(_STR2) == 0)
data/xcircuit-3.9.73+dfsg.1/xtfuncs.c:1600:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cpos != NULL || strlen(ppos + 1) == 6) {
data/xcircuit-3.9.73+dfsg.1/xtgui.c:562:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  promptstr = (char *)realloc(promptstr, strlen(promptstr) + 15);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:794:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  posit = (pdptr != NULL) ? (short)(pdptr - edit[i]) : strlen(edit[i]);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:820:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  posit = strlen(topobject->name);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:852:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width = XTextWidth(appdata.xcfont, request, strlen(request)) + 20;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:853:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bwidth = XTextWidth(appdata.xcfont, "Cancel", strlen("Cancel")) + 50;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:854:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  owidth = XTextWidth(appdata.xcfont, "Okay", strlen("Okay")) + 50;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:921:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  posit = (pdptr != NULL) ? (short)(pdptr - current) : strlen(current);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1078:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  width = XTextWidth(appdata.xcfont, request, strlen(request)) + 20;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1079:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bwidth = XTextWidth(appdata.xcfont, "Close", strlen("Close")) + 50;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1080:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  owidth = XTextWidth(appdata.xcfont, "Apply", strlen("Apply")) + 50;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1081:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wwidth = XTextWidth(appdata.xcfont, outname, strlen(outname)) + 80;
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1144:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  posit = (pdptr != NULL) ? (short)(pdptr - edit[i]) : strlen(edit[i]);
data/xcircuit-3.9.73+dfsg.1/xtgui.c:1230:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  posit = (pdptr != NULL) ? (short)(pdptr - fpedit) : strlen(fpedit);

ANALYSIS SUMMARY:

Hits = 1569
Lines analyzed = 117795 in approximately 3.02 seconds (38962 lines/second)
Physical Source Lines of Code (SLOC) = 80352
Hits@level = [0] 670 [1] 559 [2] 584 [3] 24 [4] 400 [5] 2
Hits@level+ = [0+] 2239 [1+] 1569 [2+] 1010 [3+] 426 [4+] 402 [5+] 2
Hits/KSLOC@level+ = [0+] 27.8649 [1+] 19.5266 [2+] 12.5697 [3+] 5.30167 [4+] 5.00299 [5+] 0.0248905
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.