Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xfig-3.2.7b/tests/test2.c
Examining data/xfig-3.2.7b/tests/test1.c
Examining data/xfig-3.2.7b/lib/strstr.c
Examining data/xfig-3.2.7b/lib/strrchr.c
Examining data/xfig-3.2.7b/lib/strndup.c
Examining data/xfig-3.2.7b/lib/strncasecmp.c
Examining data/xfig-3.2.7b/lib/strdup.c
Examining data/xfig-3.2.7b/lib/strchr.c
Examining data/xfig-3.2.7b/lib/strcasecmp.c
Examining data/xfig-3.2.7b/lib/realloc.c
Examining data/xfig-3.2.7b/lib/malloc.c
Examining data/xfig-3.2.7b/lib/isascii.c
Examining data/xfig-3.2.7b/src/u_draw_spline.c
Examining data/xfig-3.2.7b/src/SmeBSBP.h
Examining data/xfig-3.2.7b/src/SmeBSB.c
Examining data/xfig-3.2.7b/src/SimpleMenu.c
Examining data/xfig-3.2.7b/src/SmeCascadeP.h
Examining data/xfig-3.2.7b/src/SmeCascade.h
Examining data/xfig-3.2.7b/src/SmeCascade.c
Examining data/xfig-3.2.7b/src/SmeBSB.h
Examining data/xfig-3.2.7b/src/w_menuentryP.h
Examining data/xfig-3.2.7b/src/w_menuentry.h
Examining data/xfig-3.2.7b/src/w_menuentry.c
Examining data/xfig-3.2.7b/src/w_i18n.h
Examining data/xfig-3.2.7b/src/w_i18n.c
Examining data/xfig-3.2.7b/src/f_readjpg.h
Examining data/xfig-3.2.7b/src/f_readjpg.c
Examining data/xfig-3.2.7b/src/f_readxpm.c
Examining data/xfig-3.2.7b/src/Xosdefs.h
Examining data/xfig-3.2.7b/src/Xfuncs.h
Examining data/xfig-3.2.7b/src/w_zoom.h
Examining data/xfig-3.2.7b/src/w_zoom.c
Examining data/xfig-3.2.7b/src/w_util.h
Examining data/xfig-3.2.7b/src/w_util.c
Examining data/xfig-3.2.7b/src/w_style.h
Examining data/xfig-3.2.7b/src/w_style.c
Examining data/xfig-3.2.7b/src/w_srchrepl.h
Examining data/xfig-3.2.7b/src/w_srchrepl.c
Examining data/xfig-3.2.7b/src/w_snap.h
Examining data/xfig-3.2.7b/src/w_snap.c
Examining data/xfig-3.2.7b/src/w_setup.h
Examining data/xfig-3.2.7b/src/w_setup.c
Examining data/xfig-3.2.7b/src/w_rulers.h
Examining data/xfig-3.2.7b/src/w_rulers.c
Examining data/xfig-3.2.7b/src/w_rottext.h
Examining data/xfig-3.2.7b/src/w_rottext.c
Examining data/xfig-3.2.7b/src/w_print.h
Examining data/xfig-3.2.7b/src/w_print.c
Examining data/xfig-3.2.7b/src/w_msgpanel.h
Examining data/xfig-3.2.7b/src/w_msgpanel.c
Examining data/xfig-3.2.7b/src/w_mousefun.h
Examining data/xfig-3.2.7b/src/w_mousefun.c
Examining data/xfig-3.2.7b/src/w_modepanel.h
Examining data/xfig-3.2.7b/src/w_modepanel.c
Examining data/xfig-3.2.7b/src/w_listwidgetP.h
Examining data/xfig-3.2.7b/src/w_listwidget.h
Examining data/xfig-3.2.7b/src/w_listwidget.c
Examining data/xfig-3.2.7b/src/w_library.h
Examining data/xfig-3.2.7b/src/w_layers.h
Examining data/xfig-3.2.7b/src/w_layers.c
Examining data/xfig-3.2.7b/src/w_keyboard.h
Examining data/xfig-3.2.7b/src/w_keyboard.c
Examining data/xfig-3.2.7b/src/w_intersect.h
Examining data/xfig-3.2.7b/src/w_intersect.c
Examining data/xfig-3.2.7b/src/w_indpanel.h
Examining data/xfig-3.2.7b/src/w_indpanel.c
Examining data/xfig-3.2.7b/src/w_icons.h
Examining data/xfig-3.2.7b/src/w_icons.c
Examining data/xfig-3.2.7b/src/w_help.h
Examining data/xfig-3.2.7b/src/w_help.c
Examining data/xfig-3.2.7b/src/w_grid.h
Examining data/xfig-3.2.7b/src/w_grid.c
Examining data/xfig-3.2.7b/src/w_fontpanel.h
Examining data/xfig-3.2.7b/src/w_fontpanel.c
Examining data/xfig-3.2.7b/src/w_fontbits.h
Examining data/xfig-3.2.7b/src/w_fontbits.c
Examining data/xfig-3.2.7b/src/w_file.h
Examining data/xfig-3.2.7b/src/w_file.c
Examining data/xfig-3.2.7b/src/w_export.h
Examining data/xfig-3.2.7b/src/w_export.c
Examining data/xfig-3.2.7b/src/w_drawprim.h
Examining data/xfig-3.2.7b/src/w_drawprim.c
Examining data/xfig-3.2.7b/src/w_dir.h
Examining data/xfig-3.2.7b/src/w_dir.c
Examining data/xfig-3.2.7b/src/w_digitize.h
Examining data/xfig-3.2.7b/src/w_digitize.c
Examining data/xfig-3.2.7b/src/w_cursor.h
Examining data/xfig-3.2.7b/src/w_cursor.c
Examining data/xfig-3.2.7b/src/w_color.h
Examining data/xfig-3.2.7b/src/w_color.c
Examining data/xfig-3.2.7b/src/w_cmdpanel.h
Examining data/xfig-3.2.7b/src/w_cmdpanel.c
Examining data/xfig-3.2.7b/src/w_capture.h
Examining data/xfig-3.2.7b/src/w_capture.c
Examining data/xfig-3.2.7b/src/w_canvas.h
Examining data/xfig-3.2.7b/src/w_canvas.c
Examining data/xfig-3.2.7b/src/w_browse.h
Examining data/xfig-3.2.7b/src/w_browse.c
Examining data/xfig-3.2.7b/src/u_undo.h
Examining data/xfig-3.2.7b/src/u_undo.c
Examining data/xfig-3.2.7b/src/u_translate.h
Examining data/xfig-3.2.7b/src/u_translate.c
Examining data/xfig-3.2.7b/src/u_smartsearch.h
Examining data/xfig-3.2.7b/src/u_smartsearch.c
Examining data/xfig-3.2.7b/src/u_search.h
Examining data/xfig-3.2.7b/src/u_search.c
Examining data/xfig-3.2.7b/src/u_scale.h
Examining data/xfig-3.2.7b/src/u_scale.c
Examining data/xfig-3.2.7b/src/u_redraw.h
Examining data/xfig-3.2.7b/src/u_redraw.c
Examining data/xfig-3.2.7b/src/u_quartic.h
Examining data/xfig-3.2.7b/src/u_quartic.c
Examining data/xfig-3.2.7b/src/u_print.h
Examining data/xfig-3.2.7b/src/u_print.c
Examining data/xfig-3.2.7b/src/u_pan.h
Examining data/xfig-3.2.7b/src/u_pan.c
Examining data/xfig-3.2.7b/src/u_markers.h
Examining data/xfig-3.2.7b/src/u_markers.c
Examining data/xfig-3.2.7b/src/u_list.h
Examining data/xfig-3.2.7b/src/u_list.c
Examining data/xfig-3.2.7b/src/u_geom.h
Examining data/xfig-3.2.7b/src/u_geom.c
Examining data/xfig-3.2.7b/src/u_free.h
Examining data/xfig-3.2.7b/src/u_free.c
Examining data/xfig-3.2.7b/src/u_fonts.h
Examining data/xfig-3.2.7b/src/u_fonts.c
Examining data/xfig-3.2.7b/src/u_error.h
Examining data/xfig-3.2.7b/src/u_error.c
Examining data/xfig-3.2.7b/src/u_elastic.h
Examining data/xfig-3.2.7b/src/u_elastic.c
Examining data/xfig-3.2.7b/src/u_draw.h
Examining data/xfig-3.2.7b/src/u_draw.c
Examining data/xfig-3.2.7b/src/u_drag.h
Examining data/xfig-3.2.7b/src/u_drag.c
Examining data/xfig-3.2.7b/src/u_create.h
Examining data/xfig-3.2.7b/src/u_create.c
Examining data/xfig-3.2.7b/src/u_bound.h
Examining data/xfig-3.2.7b/src/u_bound.c
Examining data/xfig-3.2.7b/src/resources.h
Examining data/xfig-3.2.7b/src/resources.c
Examining data/xfig-3.2.7b/src/pcx.h
Examining data/xfig-3.2.7b/src/paintop.h
Examining data/xfig-3.2.7b/src/object.h
Examining data/xfig-3.2.7b/src/object.c
Examining data/xfig-3.2.7b/src/mode.h
Examining data/xfig-3.2.7b/src/mode.c
Examining data/xfig-3.2.7b/src/main.h
Examining data/xfig-3.2.7b/src/main.c
Examining data/xfig-3.2.7b/src/f_wrpng.h
Examining data/xfig-3.2.7b/src/f_wrpng.c
Examining data/xfig-3.2.7b/src/f_wrpcx.c
Examining data/xfig-3.2.7b/src/f_util.h
Examining data/xfig-3.2.7b/src/f_util.c
Examining data/xfig-3.2.7b/src/f_save.h
Examining data/xfig-3.2.7b/src/f_save.c
Examining data/xfig-3.2.7b/src/f_readxpm.h
Examining data/xfig-3.2.7b/src/f_readxbm.h
Examining data/xfig-3.2.7b/src/f_readxbm.c
Examining data/xfig-3.2.7b/src/f_readtif.h
Examining data/xfig-3.2.7b/src/f_readtif.c
Examining data/xfig-3.2.7b/src/f_readppm.h
Examining data/xfig-3.2.7b/src/f_readppm.c
Examining data/xfig-3.2.7b/src/f_readpng.h
Examining data/xfig-3.2.7b/src/f_readpng.c
Examining data/xfig-3.2.7b/src/f_readpcx.h
Examining data/xfig-3.2.7b/src/f_readpcx.c
Examining data/xfig-3.2.7b/src/f_readold.h
Examining data/xfig-3.2.7b/src/f_readold.c
Examining data/xfig-3.2.7b/src/f_read.h
Examining data/xfig-3.2.7b/src/f_readgif.h
Examining data/xfig-3.2.7b/src/f_readgif.c
Examining data/xfig-3.2.7b/src/f_readeps.h
Examining data/xfig-3.2.7b/src/f_readeps.c
Examining data/xfig-3.2.7b/src/f_read.c
Examining data/xfig-3.2.7b/src/f_picobj.h
Examining data/xfig-3.2.7b/src/f_picobj.c
Examining data/xfig-3.2.7b/src/f_neuclrtab.h
Examining data/xfig-3.2.7b/src/f_neuclrtab.c
Examining data/xfig-3.2.7b/src/f_load.h
Examining data/xfig-3.2.7b/src/f_load.c
Examining data/xfig-3.2.7b/src/figx.h
Examining data/xfig-3.2.7b/src/fig.h
Examining data/xfig-3.2.7b/src/e_update.h
Examining data/xfig-3.2.7b/src/e_update.c
Examining data/xfig-3.2.7b/src/e_tangent.h
Examining data/xfig-3.2.7b/src/e_tangent.c
Examining data/xfig-3.2.7b/src/e_scale.h
Examining data/xfig-3.2.7b/src/e_scale.c
Examining data/xfig-3.2.7b/src/e_rotate.h
Examining data/xfig-3.2.7b/src/e_rotate.c
Examining data/xfig-3.2.7b/src/e_placelib.h
Examining data/xfig-3.2.7b/src/e_placelib.c
Examining data/xfig-3.2.7b/src/e_movept.h
Examining data/xfig-3.2.7b/src/e_movept.c
Examining data/xfig-3.2.7b/src/e_move.h
Examining data/xfig-3.2.7b/src/e_move.c
Examining data/xfig-3.2.7b/src/e_measure.h
Examining data/xfig-3.2.7b/src/e_measure.c
Examining data/xfig-3.2.7b/src/e_joinsplit.h
Examining data/xfig-3.2.7b/src/e_joinsplit.c
Examining data/xfig-3.2.7b/src/e_glue.h
Examining data/xfig-3.2.7b/src/e_glue.c
Examining data/xfig-3.2.7b/src/e_flip.h
Examining data/xfig-3.2.7b/src/e_flip.c
Examining data/xfig-3.2.7b/src/e_edit.h
Examining data/xfig-3.2.7b/src/e_edit.c
Examining data/xfig-3.2.7b/src/e_deletept.h
Examining data/xfig-3.2.7b/src/e_deletept.c
Examining data/xfig-3.2.7b/src/e_delete.h
Examining data/xfig-3.2.7b/src/e_delete.c
Examining data/xfig-3.2.7b/src/e_copy.h
Examining data/xfig-3.2.7b/src/e_copy.c
Examining data/xfig-3.2.7b/src/e_convert.h
Examining data/xfig-3.2.7b/src/e_convert.c
Examining data/xfig-3.2.7b/src/e_compound.h
Examining data/xfig-3.2.7b/src/e_compound.c
Examining data/xfig-3.2.7b/src/e_chop.h
Examining data/xfig-3.2.7b/src/e_chop.c
Examining data/xfig-3.2.7b/src/e_break.h
Examining data/xfig-3.2.7b/src/e_break.c
Examining data/xfig-3.2.7b/src/e_arrow.h
Examining data/xfig-3.2.7b/src/e_arrow.c
Examining data/xfig-3.2.7b/src/e_align.h
Examining data/xfig-3.2.7b/src/e_align.c
Examining data/xfig-3.2.7b/src/e_addpt.h
Examining data/xfig-3.2.7b/src/e_addpt.c
Examining data/xfig-3.2.7b/src/dirstruct.h
Examining data/xfig-3.2.7b/src/d_text.h
Examining data/xfig-3.2.7b/src/d_text.c
Examining data/xfig-3.2.7b/src/d_subspline.h
Examining data/xfig-3.2.7b/src/d_subspline.c
Examining data/xfig-3.2.7b/src/d_spline.h
Examining data/xfig-3.2.7b/src/d_spline.c
Examining data/xfig-3.2.7b/src/d_regpoly.h
Examining data/xfig-3.2.7b/src/d_regpoly.c
Examining data/xfig-3.2.7b/src/d_picobj.h
Examining data/xfig-3.2.7b/src/d_picobj.c
Examining data/xfig-3.2.7b/src/d_line.h
Examining data/xfig-3.2.7b/src/d_line.c
Examining data/xfig-3.2.7b/src/d_ellipse.h
Examining data/xfig-3.2.7b/src/d_ellipse.c
Examining data/xfig-3.2.7b/src/d_box.h
Examining data/xfig-3.2.7b/src/d_box.c
Examining data/xfig-3.2.7b/src/d_arc.h
Examining data/xfig-3.2.7b/src/d_arc.c
Examining data/xfig-3.2.7b/src/d_arcbox.h
Examining data/xfig-3.2.7b/src/d_arcbox.c
Examining data/xfig-3.2.7b/src/w_library.c
FINAL RESULTS:
data/xfig-3.2.7b/lib/strdup.c:65:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, str);
data/xfig-3.2.7b/src/SimpleMenu.c:611:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(error_buf, "%s %s",
data/xfig-3.2.7b/src/SimpleMenu.c:620:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(error_buf, "%s '%s'",
data/xfig-3.2.7b/src/SimpleMenu.c:828:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(error_buf, "Xaw Simple Menu Widget: %s or %s, %s",
data/xfig-3.2.7b/src/SimpleMenu.c:997:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(error_buf, "%s %s", "Xaw Simple Menu Widget:",
data/xfig-3.2.7b/src/SmeBSB.c:653:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Xaw SmeBSB Object: %s %s \"%s\".", "Could not",
data/xfig-3.2.7b/src/SmeBSB.c:659:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Xaw SmeBSB Object: %s \"%s\"%s.",
data/xfig-3.2.7b/src/SmeBSB.c:672:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Xaw SmeBSB Object: %s %s \"%s\".", "Could not",
data/xfig-3.2.7b/src/SmeBSB.c:678:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(buf, "Xaw SmeBSB Object: %s \"%s\"%s.",
data/xfig-3.2.7b/src/d_text.c:414:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(prefix, suffix); /* re-attach any suffix */
data/xfig-3.2.7b/src/d_text.c:421:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(prefix, suffix);
data/xfig-3.2.7b/src/d_text.c:441:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_t->cstring, prefix);
data/xfig-3.2.7b/src/d_text.c:445:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_t->cstring, prefix);
data/xfig-3.2.7b/src/d_text.c:644:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suffix, &cur_t->cstring[leng_prefix]);
data/xfig-3.2.7b/src/d_text.c:716:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text->cstring, prefix);
data/xfig-3.2.7b/src/d_text.c:1046:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(prefix,suffix);
data/xfig-3.2.7b/src/d_text.c:1047:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(suffix,prefix);
data/xfig-3.2.7b/src/d_text.c:1070:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(prefix,suffix);
data/xfig-3.2.7b/src/d_text.c:2111:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(preedit_filename, "%s/%s%06d", TMPDIR, "xfig-preedit", getpid());
data/xfig-3.2.7b/src/d_text.c:2114:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (0 < preedit_pid && access(preedit_filename, R_OK) == 0);
data/xfig-3.2.7b/src/d_text.c:2149:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(appres.text_preedit, appres.text_preedit, preedit_filename, NULL);
data/xfig-3.2.7b/src/e_edit.c:2028:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(longname, "%s/%s", cur_file_dir, string);
data/xfig-3.2.7b/src/e_edit.c:3131:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", object_type);
data/xfig-3.2.7b/src/e_edit.c:3133:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s: %s", object_type, sub_type);
data/xfig-3.2.7b/src/e_edit.c:4125:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, fmt, x);
data/xfig-3.2.7b/src/e_edit.c:4206:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(labelname,name);
data/xfig-3.2.7b/src/e_edit.c:4208:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(textname,name);
data/xfig-3.2.7b/src/e_edit.c:5211:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (s, panel_get_value(client_data));
data/xfig-3.2.7b/src/e_edit.c:5355:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpname,xf_basename(cur_filename));
data/xfig-3.2.7b/src/e_edit.c:5360:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfile,"%s_%ld.png",tmpname,tim);
data/xfig-3.2.7b/src/e_edit.c:5387:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,panel_get_value(pic_name_panel));
data/xfig-3.2.7b/src/e_edit.c:5400:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, cur_image_editor);
data/xfig-3.2.7b/src/e_edit.c:5416:8: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = execvp(argv[0], argv);
data/xfig-3.2.7b/src/e_scale.c:889:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(comment, "Dimension line: %s",str);
data/xfig-3.2.7b/src/f_load.c:96:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(save_filename, cur_filename);
data/xfig-3.2.7b/src/f_load.c:127:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(save_filename, cur_filename);
data/xfig-3.2.7b/src/f_load.c:131:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname,file);
data/xfig-3.2.7b/src/f_load.c:171:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_fig_units, settings->units ? "in" : "cm");
data/xfig-3.2.7b/src/f_load.c:307:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, file);
data/xfig-3.2.7b/src/f_load.c:340:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"1 %s",file);
data/xfig-3.2.7b/src/f_picobj.c:268:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unc,"gunzip -q %s %s",gzoption,name);
data/xfig-3.2.7b/src/f_picobj.c:272:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retname, name);
data/xfig-3.2.7b/src/f_picobj.c:275:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unc, "gunzip %s %s",gzoption,retname);
data/xfig-3.2.7b/src/f_picobj.c:279:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retname, name);
data/xfig-3.2.7b/src/f_picobj.c:282:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unc, "gunzip %s %s",gzoption,retname);
data/xfig-3.2.7b/src/f_picobj.c:286:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retname, name);
data/xfig-3.2.7b/src/f_picobj.c:289:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unc, "gunzip %s %s",gzoption,retname);
data/xfig-3.2.7b/src/f_picobj.c:299:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(unc);
data/xfig-3.2.7b/src/f_picobj.c:303:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retname, name);
data/xfig-3.2.7b/src/f_picobj.c:310:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retname, name);
data/xfig-3.2.7b/src/f_picobj.c:319:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fstream = popen(unc,"r");
data/xfig-3.2.7b/src/f_read.c:269:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(versstring, PROTOCOL_VERSION); /* copy because gcc doesn't allow writing */
data/xfig-3.2.7b/src/f_read.c:986:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(picfile, "%s/%s", cur_file_dir, s1);
data/xfig-3.2.7b/src/f_read.c:988:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(picfile, s1);
data/xfig-3.2.7b/src/f_read.c:1426:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_temp,buf);
data/xfig-3.2.7b/src/f_read.c:1445:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, s_temp);
data/xfig-3.2.7b/src/f_read.c:1474:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s,buf); /* copy back to s */
data/xfig-3.2.7b/src/f_read.c:1493:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(t->cstring, &s[1]);
data/xfig-3.2.7b/src/f_read.c:1550:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comp, comments[i]);
data/xfig-3.2.7b/src/f_read.c:1599:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comments[numcom++], &buf[i]);
data/xfig-3.2.7b/src/f_readeps.c:270:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpfile, pic->pic_cache->file);
data/xfig-3.2.7b/src/f_readeps.c:320:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gscom,
data/xfig-3.2.7b/src/f_readeps.c:325:19: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((gsfile = popen(gscom, "w")) == 0) {
data/xfig-3.2.7b/src/f_readgif.c:184:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "giftopnm -quiet | ppmtopcx -quiet > %s", pcxname);
data/xfig-3.2.7b/src/f_readgif.c:185:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((giftopcx = popen(buf,"w" )) == 0) {
data/xfig-3.2.7b/src/f_readppm.c:48:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "ppmtopcx > %s 2> /dev/null", pcxname);
data/xfig-3.2.7b/src/f_readppm.c:49:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((giftopcx = popen(buf,"w" )) == 0) {
data/xfig-3.2.7b/src/f_readtif.c:48:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "tifftopnm %s 2> /dev/null | ppmtopcx > %s 2> /dev/null",
data/xfig-3.2.7b/src/f_readtif.c:50:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ((tiftopcx = popen(buf,"w" )) == 0) {
data/xfig-3.2.7b/src/f_readxbm.c:217:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line,"#define %s %d",name_and_type,&value) == 2) {
data/xfig-3.2.7b/src/f_readxbm.c:230:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "static short %s = {", name_and_type) == 1)
data/xfig-3.2.7b/src/f_readxbm.c:232:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if (sscanf(line,"static unsigned char %s = {",name_and_type) == 1)
data/xfig-3.2.7b/src/f_readxbm.c:234:11: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if (sscanf(line, "static char %s = {", name_and_type) == 1)
data/xfig-3.2.7b/src/f_save.c:59:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_cur_dir, cur_file_dir);
data/xfig-3.2.7b/src/f_save.c:61:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, TMPDIR);
data/xfig-3.2.7b/src/f_save.c:68:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, save_cur_dir);
data/xfig-3.2.7b/src/f_save.c:215:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, appres.landscape? "Landscape\n": "Portrait\n");
data/xfig-3.2.7b/src/f_save.c:216:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, appres.flushleft? "Flush left\n": "Center\n");
data/xfig-3.2.7b/src/f_save.c:217:2: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, appres.INCHES? "Inches\n": "Metric\n");
data/xfig-3.2.7b/src/f_util.c:120:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cwd, path);
data/xfig-3.2.7b/src/f_util.c:172:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(file_name, W_OK)) {
data/xfig-3.2.7b/src/f_util.c:178:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "\"%s\" already exists.\nDo you want to overwrite it?", file_name);
data/xfig-3.2.7b/src/f_util.c:682:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpfile, name); /* save original name */
data/xfig-3.2.7b/src/f_util.c:683:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plainname, name);
data/xfig-3.2.7b/src/f_util.c:692:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, plainname);
data/xfig-3.2.7b/src/f_util.c:695:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s.z", plainname);
data/xfig-3.2.7b/src/f_util.c:698:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s.Z", plainname);
data/xfig-3.2.7b/src/f_util.c:701:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s.gz", plainname);
data/xfig-3.2.7b/src/f_util.c:704:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tmpfile);
data/xfig-3.2.7b/src/f_util.c:714:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, name);
data/xfig-3.2.7b/src/f_util.c:719:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(dirname, W_OK) == 0) { /* OK - the directory is writable */
data/xfig-3.2.7b/src/f_util.c:720:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unc, "gunzip -q %s", name);
data/xfig-3.2.7b/src/f_util.c:721:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(unc) != 0)
data/xfig-3.2.7b/src/f_util.c:723:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, plainname);
data/xfig-3.2.7b/src/f_util.c:728:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfile, "%s%s", TMPDIR, c);
data/xfig-3.2.7b/src/f_util.c:730:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpfile, "%s/%s", TMPDIR, plainname);
data/xfig-3.2.7b/src/f_util.c:731:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(unc, "gunzip -q -c %s > %s", name, tmpfile);
data/xfig-3.2.7b/src/f_util.c:732:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(unc) != 0)
data/xfig-3.2.7b/src/f_util.c:736:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, tmpfile);
data/xfig-3.2.7b/src/f_util.c:758:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xfigrc_name,userhome);
data/xfig-3.2.7b/src/f_util.c:796:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"%1d %s",num_recent_files+1,file);
data/xfig-3.2.7b/src/f_util.c:1004:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_library_dir, appres.library_dir);
data/xfig-3.2.7b/src/f_util.c:1005:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_spellchk, appres.spellcheckcommand);
data/xfig-3.2.7b/src/f_util.c:1006:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_image_editor, appres.image_editor);
data/xfig-3.2.7b/src/f_util.c:1007:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_browser, appres.browser);
data/xfig-3.2.7b/src/f_util.c:1008:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_pdfviewer, appres.pdf_viewer);
data/xfig-3.2.7b/src/f_util.c:1044:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file,argv[i]);
data/xfig-3.2.7b/src/f_util.c:1095:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd,program);
data/xfig-3.2.7b/src/f_util.c:1098:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd2, c1+2); /* save tail */
data/xfig-3.2.7b/src/f_util.c:1099:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c1, filename); /* change %f to filename */
data/xfig-3.2.7b/src/f_util.c:1100:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(c1, cmd2); /* append tail */
data/xfig-3.2.7b/src/f_util.c:1105:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd,filename);
data/xfig-3.2.7b/src/f_util.c:1297:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(grid,"%s:%s%s",
data/xfig-3.2.7b/src/f_util.c:1305:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(grid, panel_get_value(minor_grid_panel));
data/xfig-3.2.7b/src/f_util.c:1313:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(grid,c1);
data/xfig-3.2.7b/src/f_util.c:1316:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(grid,appres.INCHES? "in":"mm");
data/xfig-3.2.7b/src/main.c:653:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xfig_version, "Xfig %s", PACKAGE_VERSION);
data/xfig-3.2.7b/src/main.c:656:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy(tool_name, xfig_version);
data/xfig-3.2.7b/src/main.c:657:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(file_header, "#FIG %s", PROTOCOL_VERSION);
data/xfig-3.2.7b/src/main.c:798:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fig2dev_cmd,"%s/fig2dev",fig2dev_path);
data/xfig-3.2.7b/src/main.c:871:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf(&tool_name[strlen(tool_name)], " [locale: %s]",
data/xfig-3.2.7b/src/main.c:1237:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpstr, "%s%s", userhome, &appres.library_dir[1]);
data/xfig-3.2.7b/src/main.c:1240:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpstr, "%s/%s", cur_file_dir, appres.library_dir);
data/xfig-3.2.7b/src/main.c:1251:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_filename, arg_filename);
data/xfig-3.2.7b/src/main.c:1255:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, cur_filename);
data/xfig-3.2.7b/src/main.c:1257:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_filename, dval+1);
data/xfig-3.2.7b/src/main.c:1691:30: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (userhome != NULL && *strcpy(cut_buf_name, userhome) != '\0') {
data/xfig-3.2.7b/src/main.c:1695:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cut_buf_name, "%s/xfig.XXXXXX", TMPDIR);
data/xfig-3.2.7b/src/u_create.c:148:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*dest,*source);
data/xfig-3.2.7b/src/u_create.c:663:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text->cstring, t->cstring);
data/xfig-3.2.7b/src/u_print.c:134:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(cmd, "%s -L %s", fig2dev_cmd, lang);
data/xfig-3.2.7b/src/u_print.c:137:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(cmd + n, " %s", appres.fig2dev_localize_option);
data/xfig-3.2.7b/src/u_print.c:144:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(cmd + n, " %s", layers);
data/xfig-3.2.7b/src/u_print.c:182:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(tmpcmd + n, " -z %s -n %s %s",
data/xfig-3.2.7b/src/u_print.c:196:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(tmpcmd + n, " -G %s", grid);
data/xfig-3.2.7b/src/u_print.c:199:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(tmpcmd + n, " -g \\%s", backgrnd);
data/xfig-3.2.7b/src/u_print.c:205:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd, "%s %s | %s", tmpcmd, tmpfile, syspr);
data/xfig-3.2.7b/src/u_print.c:240:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, repl);
data/xfig-3.2.7b/src/u_print.c:245:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, prcmd);
data/xfig-3.2.7b/src/u_print.c:303:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -n %s", name);
data/xfig-3.2.7b/src/u_print.c:309:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -g \\%s", backgrnd);
data/xfig-3.2.7b/src/u_print.c:316:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -G %s", grid);
data/xfig-3.2.7b/src/u_print.c:325:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -z %s %s",
data/xfig-3.2.7b/src/u_print.c:357:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:364:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " %s", tmp_fig_file);
data/xfig-3.2.7b/src/u_print.c:367:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s", tmp_name);
data/xfig-3.2.7b/src/u_print.c:375:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpcmd, prcmd);
data/xfig-3.2.7b/src/u_print.c:390:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " -p %s %s %s",
data/xfig-3.2.7b/src/u_print.c:399:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:408:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_name, outfile);
data/xfig-3.2.7b/src/u_print.c:416:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -p %s", outfile);
data/xfig-3.2.7b/src/u_print.c:421:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, tmp_name);
data/xfig-3.2.7b/src/u_print.c:427:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:438:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -G %s", grid);
data/xfig-3.2.7b/src/u_print.c:443:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -n %s", name);
data/xfig-3.2.7b/src/u_print.c:449:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -g \\%s", backgrnd);
data/xfig-3.2.7b/src/u_print.c:458:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:469:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -z %s",
data/xfig-3.2.7b/src/u_print.c:475:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:482:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:500:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n,
data/xfig-3.2.7b/src/u_print.c:526:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -g \\%s", backgrnd);
data/xfig-3.2.7b/src/u_print.c:528:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:538:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " -E %d %s %s",
data/xfig-3.2.7b/src/u_print.c:545:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n += sprintf(prcmd + n, " -g \\%s", backgrnd);
data/xfig-3.2.7b/src/u_print.c:551:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:558:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:563:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prcmd + n, " %s %s", tmp_fig_file, outfile);
data/xfig-3.2.7b/src/u_print.c:594:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "lp %s %s",
data/xfig-3.2.7b/src/u_print.c:598:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %s %s",
data/xfig-3.2.7b/src/u_print.c:599:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access("/usr/bin/lp", X_OK)?"lpr":"lp",
data/xfig-3.2.7b/src/u_print.c:608:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "lp %s -d%s %s",
data/xfig-3.2.7b/src/u_print.c:613:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s %s %s%s %s",
data/xfig-3.2.7b/src/u_print.c:614:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access("/usr/bin/lp", X_OK)?"lpr":"lp",
data/xfig-3.2.7b/src/u_print.c:616:3: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access("/usr/bin/lp", X_OK)?"-P":"-d",
data/xfig-3.2.7b/src/u_print.c:647:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command, errfname);
data/xfig-3.2.7b/src/u_print.c:650:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
status=system(command);
data/xfig-3.2.7b/src/u_print.c:726:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(list,num);
data/xfig-3.2.7b/src/u_print.c:742:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(notlist,num);
data/xfig-3.2.7b/src/u_print.c:749:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(list,num);
data/xfig-3.2.7b/src/u_print.c:756:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(notlist,num);
data/xfig-3.2.7b/src/u_print.c:762:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(layers," -D +%s ",list);
data/xfig-3.2.7b/src/u_print.c:765:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(layers," -D -%s ",notlist);
data/xfig-3.2.7b/src/u_redraw.c:562:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pname,paper_sizes[appres.papersize].fname);
data/xfig-3.2.7b/src/u_undo.c:650:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctemp, cur_filename);
data/xfig-3.2.7b/src/u_undo.c:652:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_filename, ctemp);
data/xfig-3.2.7b/src/w_browse.c:120:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file_viewed, fval); /* indicate name as viewed */
data/xfig-3.2.7b/src/w_browse.c:127:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( path,dval );
data/xfig-3.2.7b/src/w_browse.c:129:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( path, fval );
data/xfig-3.2.7b/src/w_browse.c:156:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_dir, cur_browse_dir);
data/xfig-3.2.7b/src/w_browse.c:165:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(browse_filename, pval);
data/xfig-3.2.7b/src/w_browse.c:167:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_dir, pval);
data/xfig-3.2.7b/src/w_browse.c:168:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(browse_filename, fval+1);
data/xfig-3.2.7b/src/w_canvas.c:794:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, XFIGLIBDIR);
data/xfig-3.2.7b/src/w_canvas.c:796:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(line, appres.keyFile);
data/xfig-3.2.7b/src/w_canvas.c:801:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, getenv("HOME"));
data/xfig-3.2.7b/src/w_canvas.c:806:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(line, appres.keyFile);
data/xfig-3.2.7b/src/w_canvas.c:823:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(local_translations, line);
data/xfig-3.2.7b/src/w_cmdpanel.c:816:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_filename,cur_filename);
data/xfig-3.2.7b/src/w_cmdpanel.c:1286:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_image_editor, panel_get_value(image_ed));
data/xfig-3.2.7b/src/w_cmdpanel.c:1287:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_spellchk, panel_get_value(spell_chk));
data/xfig-3.2.7b/src/w_cmdpanel.c:1288:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_browser, panel_get_value(browser));
data/xfig-3.2.7b/src/w_cmdpanel.c:1289:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_pdfviewer, panel_get_value(pdfview));
data/xfig-3.2.7b/src/w_cmdpanel.c:1376:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (cur_filename!=newname) strcpy(cur_filename,newname);
data/xfig-3.2.7b/src/w_cmdpanel.c:1456:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dir,filename);
data/xfig-3.2.7b/src/w_cmdpanel.c:1460:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, dir); /* update current directory */
data/xfig-3.2.7b/src/w_cmdpanel.c:1461:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir, dir); /* and export current directory */
data/xfig-3.2.7b/src/w_cmdpanel.c:1500:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s font characters:",
data/xfig-3.2.7b/src/w_cmdpanel.c:1565:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s font characters:",
data/xfig-3.2.7b/src/w_color.c:1757:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmphex,hexvalue);
data/xfig-3.2.7b/src/w_color.c:2098:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colorname,colorNames[cur_pencolor + 1].name);
data/xfig-3.2.7b/src/w_color.c:2171:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(colorname,colorNames[cur_fillcolor + 1].name);
data/xfig-3.2.7b/src/w_digitize.c:398:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(example,"%s_%04d.%s", prefix, seq, suffix);
data/xfig-3.2.7b/src/w_dir.c:133:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CurrentSelectionName, ret_struct->string);
data/xfig-3.2.7b/src/w_dir.c:164:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CurrentSelectionName, ret_struct->string);
data/xfig-3.2.7b/src/w_dir.c:183:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir, dir);
data/xfig-3.2.7b/src/w_dir.c:184:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, dir);
data/xfig-3.2.7b/src/w_dir.c:195:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_browse_dir,dir);
data/xfig-3.2.7b/src/w_dir.c:199:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir,dir);
data/xfig-3.2.7b/src/w_dir.c:224:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_browse_dir,ndir); /* save in global var */
data/xfig-3.2.7b/src/w_dir.c:230:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir,ndir); /* save in global var */
data/xfig-3.2.7b/src/w_dir.c:249:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(longpath,getenv("HOME"));
data/xfig-3.2.7b/src/w_dir.c:252:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(longpath,&path[1]); /* append the rest of the path */
data/xfig-3.2.7b/src/w_dir.c:256:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(longpath,&path[1]);
data/xfig-3.2.7b/src/w_dir.c:263:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(longpath,path);
data/xfig-3.2.7b/src/w_dir.c:265:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(longpath,who->pw_dir);
data/xfig-3.2.7b/src/w_dir.c:268:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(longpath,p); /* attach stuff after the / */
data/xfig-3.2.7b/src/w_dir.c:568:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmask, mask);
data/xfig-3.2.7b/src/w_dir.c:663:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ndir, cur_browse_dir);
data/xfig-3.2.7b/src/w_dir.c:665:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ndir, cur_file_dir);
data/xfig-3.2.7b/src/w_dir.c:667:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ndir, cur_export_dir);
data/xfig-3.2.7b/src/w_dir.c:683:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ndir, dir);
data/xfig-3.2.7b/src/w_dir.c:686:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ndir, dir); /* abs path copy to ndir */
data/xfig-3.2.7b/src/w_dir.c:699:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_browse_dir,ndir); /* update global var */
data/xfig-3.2.7b/src/w_dir.c:711:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir,ndir); /* update global var */
data/xfig-3.2.7b/src/w_dir.c:741:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_browse_dir,dir); /* save in global var */
data/xfig-3.2.7b/src/w_dir.c:763:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir,dir); /* save in global var */
data/xfig-3.2.7b/src/w_dir.c:813:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pathname, root);
data/xfig-3.2.7b/src/w_dir.c:815:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pathname, filename);
data/xfig-3.2.7b/src/w_drawprim.c:144:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template,x_fontinfo[f].template); /* nope, check for font size 0 */
data/xfig-3.2.7b/src/w_drawprim.c:173:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template,x_fontinfo[f].template);
data/xfig-3.2.7b/src/w_drawprim.c:175:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(backup_template,x_backup_fontinfo[f].template);
data/xfig-3.2.7b/src/w_drawprim.c:318:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn,nf->fname); /* put the name in fn */
data/xfig-3.2.7b/src/w_drawprim.c:323:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fn,nf->fname); /* put the name in fn */
data/xfig-3.2.7b/src/w_drawprim.c:341:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s-%d", x_fontinfo[fnum].template, size);
data/xfig-3.2.7b/src/w_drawprim.c:344:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template,x_fontinfo[fnum].template);
data/xfig-3.2.7b/src/w_drawprim.c:359:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fn, template, size);
data/xfig-3.2.7b/src/w_drawprim.c:361:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template,x_backup_fontinfo[fnum].template);
data/xfig-3.2.7b/src/w_drawprim.c:373:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(back_fn, template, size);
data/xfig-3.2.7b/src/w_drawprim.c:377:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nf->fname, fn);
data/xfig-3.2.7b/src/w_drawprim.c:380:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nf->bname, back_fn);
data/xfig-3.2.7b/src/w_drawprim.c:403:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template, fn);
data/xfig-3.2.7b/src/w_drawprim.c:405:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(template, (sub+8));
data/xfig-3.2.7b/src/w_drawprim.c:413:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nf->fname, nf->bname);
data/xfig-3.2.7b/src/w_drawprim.c:418:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(template, nf->bname);
data/xfig-3.2.7b/src/w_drawprim.c:420:8: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(template, (sub+8));
data/xfig-3.2.7b/src/w_drawprim.c:435:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nf->fname, appres.normalFont); /* keep actual name */
data/xfig-3.2.7b/src/w_export.c:189:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_export_dir, save_export_dir);
data/xfig-3.2.7b/src/w_export.c:279:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(default_export_file, "NoName.%s",
data/xfig-3.2.7b/src/w_export.c:306:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "\"%s\" is an input file.\nExport aborted", fval);
data/xfig-3.2.7b/src/w_export.c:317:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_export_dir, cur_export_dir);
data/xfig-3.2.7b/src/w_export.c:365:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(default_export_file,fval);
data/xfig-3.2.7b/src/w_export.c:548:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mask,"*.%s",lang_items[lang]);
data/xfig-3.2.7b/src/w_export.c:637:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
val = strtok(strcpy(buf, grid_choices[grid_minor]), " ");
data/xfig-3.2.7b/src/w_export.c:661:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
val = strtok(strcpy(buf, grid_choices[grid_major]), " ");
data/xfig-3.2.7b/src/w_export.c:841:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Figure size: %.1f%s x %.1f%s",
data/xfig-3.2.7b/src/w_export.c:1206:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Figure size: %.1f%s x %.1f%s",
data/xfig-3.2.7b/src/w_export.c:1900:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_export_dir, cur_file_dir);
data/xfig-3.2.7b/src/w_export.c:1956:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(default_export_file, xf_basename(cur_filename));
data/xfig-3.2.7b/src/w_export.c:1975:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(default_export_file, lang_items[cur_exp_lang]);
data/xfig-3.2.7b/src/w_file.c:238:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, fval);
data/xfig-3.2.7b/src/w_file.c:240:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, cur_filename); /* use current filename */
data/xfig-3.2.7b/src/w_file.c:251:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, dval);
data/xfig-3.2.7b/src/w_file.c:253:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, fname);
data/xfig-3.2.7b/src/w_file.c:338:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, cur_filename); /* Filename widget empty, use current filename */
data/xfig-3.2.7b/src/w_file.c:340:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, fval); /* get name from widget */
data/xfig-3.2.7b/src/w_file.c:348:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_file_dir, dval);
data/xfig-3.2.7b/src/w_file.c:380:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, fval);
data/xfig-3.2.7b/src/w_file.c:406:2: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(xxargv[0], xxargv);
data/xfig-3.2.7b/src/w_file.c:475:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, fval);
data/xfig-3.2.7b/src/w_file.c:477:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, cur_filename); /* "Filename" widget empty, use current filename */
data/xfig-3.2.7b/src/w_file.c:494:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_file_dir, dval);
data/xfig-3.2.7b/src/w_file.c:539:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bak_name,file);
data/xfig-3.2.7b/src/w_file.c:959:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_file_dir, cur_file_dir);
data/xfig-3.2.7b/src/w_help.c:51:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/html/index.html", XFIGDOCDIR);
data/xfig-3.2.7b/src/w_help.c:55:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));
data/xfig-3.2.7b/src/w_help.c:57:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/html/index.html", XFIGDOCDIR);
data/xfig-3.2.7b/src/w_help.c:66:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/xfig_ref_en.pdf",XFIGDOCDIR);
data/xfig-3.2.7b/src/w_help.c:73:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/xfig_ref_jp.pdf",XFIGDOCDIR);
data/xfig-3.2.7b/src/w_help.c:81:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/xfig-howto.pdf",XFIGDOCDIR);
data/xfig-3.2.7b/src/w_help.c:88:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/xfig_man.html",XFIGDOCDIR);
data/xfig-3.2.7b/src/w_help.c:110:2: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(browsecommand);
data/xfig-3.2.7b/src/w_help.c:164:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info,xfig_version);
data/xfig-3.2.7b/src/w_help.c:166:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(info, RELEASE_YEAR);
data/xfig-3.2.7b/src/w_i18n.c:717:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(old_locale, cur_locale);
data/xfig-3.2.7b/src/w_indpanel.c:1016:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,"%s %s",isw->line1,isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:1101:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s", isw->line1);
data/xfig-3.2.7b/src/w_indpanel.c:1103:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg + strlen(msg), " %s", isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:1706:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Xfig: %s %s Panel",isw->line1,isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:1738:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s", isw->line1, isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:2014:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s", isw->line1, isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:2202:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"Xfig: %s %s Panel",isw->line1,isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:2219:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s", isw->line1, isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:3332:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "Line col=%s", short_clrNames[cur_dimline_color+1]);
data/xfig-3.2.7b/src/w_indpanel.c:3349:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "Ticks: %s", cur_dimline_ticks? "yes": "no");
data/xfig-3.2.7b/src/w_indpanel.c:3359:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "Box col=%s", short_clrNames[cur_dimline_boxcolor+1]);
data/xfig-3.2.7b/src/w_indpanel.c:3365:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "Text col=%s", short_clrNames[cur_dimline_textcolor+1]);
data/xfig-3.2.7b/src/w_indpanel.c:3376:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "Text fixed: %s", cur_dimline_fixed? "yes": "no");
data/xfig-3.2.7b/src/w_indpanel.c:3755:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,
data/xfig-3.2.7b/src/w_indpanel.c:3985:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "hidden=%s",
data/xfig-3.2.7b/src/w_indpanel.c:3989:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "TeX=%s",
data/xfig-3.2.7b/src/w_indpanel.c:3993:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(indbuf, "rigid=%s",
data/xfig-3.2.7b/src/w_library.c:407:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_file_dir, cur_file_dir);
data/xfig-3.2.7b/src/w_library.c:408:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, cur_library_path);
data/xfig-3.2.7b/src/w_library.c:415:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname,"%s%s",cur_objects_names[obj],".fig");
data/xfig-3.2.7b/src/w_library.c:430:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, save_file_dir);
data/xfig-3.2.7b/src/w_library.c:466:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_file_dir, save_file_dir);
data/xfig-3.2.7b/src/w_library.c:1045:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(menu_name, "%s ", librec[i]->name);
data/xfig-3.2.7b/src/w_library.c:1047:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(menu_name, " %s ", librec[i]->name); /* to align with ones with diamonds */
data/xfig-3.2.7b/src/w_library.c:1050:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(menu_name, " %s", librec[i]->name);
data/xfig-3.2.7b/src/w_library.c:1051:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(submenu_name, "%sMenu", librec[i]->name);
data/xfig-3.2.7b/src/w_library.c:1214:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(librec->longname, lname);
data/xfig-3.2.7b/src/w_library.c:1217:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(librec->name, name);
data/xfig-3.2.7b/src/w_library.c:1220:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(librec->path, path);
data/xfig-3.2.7b/src/w_library.c:1286:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path2, "%s/%s", path, dp->d_name);
data/xfig-3.2.7b/src/w_library.c:1296:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lname, dp->d_name);
data/xfig-3.2.7b/src/w_library.c:1301:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lname, "%s / %s",longname, dp->d_name);
data/xfig-3.2.7b/src/w_library.c:1380:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(s, "%s %[^\n]", path2, name) == 1) {
data/xfig-3.2.7b/src/w_library.c:1382:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, strrchr(path2, '/') + 1);
data/xfig-3.2.7b/src/w_library.c:1386:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,c);
data/xfig-3.2.7b/src/w_library.c:1388:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, path2);
data/xfig-3.2.7b/src/w_library.c:1583:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(obj_list[numobj],dp->d_name);
data/xfig-3.2.7b/src/w_library.c:1609:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(statstr, format, ap );
data/xfig-3.2.7b/src/w_mousefun.c:284:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_l, left);
data/xfig-3.2.7b/src/w_mousefun.c:285:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_m, middle);
data/xfig-3.2.7b/src/w_mousefun.c:286:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_r, right);
data/xfig-3.2.7b/src/w_mousefun.c:287:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_sh_l, sh_left);
data/xfig-3.2.7b/src/w_mousefun.c:288:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_sh_m, sh_middle);
data/xfig-3.2.7b/src/w_mousefun.c:289:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_sh_r, sh_right);
data/xfig-3.2.7b/src/w_mousefun.c:426:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_cur_l, left);
data/xfig-3.2.7b/src/w_mousefun.c:427:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_cur_m, middle);
data/xfig-3.2.7b/src/w_mousefun.c:428:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mousefun_cur_r, right);
data/xfig-3.2.7b/src/w_msgpanel.c:121:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(prompt, format, ap );
data/xfig-3.2.7b/src/w_msgpanel.c:586:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tmpstr, sizeof(tmpstr)-2, format, ap);
data/xfig-3.2.7b/src/w_msgpanel.c:749:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%.3f square %s", length /
data/xfig-3.2.7b/src/w_msgpanel.c:754:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "%%.%df %%s", cur_dimline_prec);
data/xfig-3.2.7b/src/w_msgpanel.c:755:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, format, length / PIX_PER_CM*appres.userscale, cur_fig_units);
data/xfig-3.2.7b/src/w_msgpanel.c:762:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "%%.%df %%s", cur_dimline_prec);
data/xfig-3.2.7b/src/w_msgpanel.c:763:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, format, ulen, cur_fig_units);
data/xfig-3.2.7b/src/w_msgpanel.c:769:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%d %s", ilen, cur_fig_units);
data/xfig-3.2.7b/src/w_msgpanel.c:779:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmpstr,"%d %s ", ifeet, cur_fig_units);
data/xfig-3.2.7b/src/w_msgpanel.c:795:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"%s%d-%d/%d %s", tmpstr, abs(ilen), abs(ifract), iexp, units);
data/xfig-3.2.7b/src/w_msgpanel.c:799:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "%%s%%.%df %%s", cur_dimline_prec);
data/xfig-3.2.7b/src/w_msgpanel.c:800:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, format, tmpstr, ulen, units);
data/xfig-3.2.7b/src/w_msgpanel.c:806:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str,"%s%d %s", tmpstr, ilen, units);
data/xfig-3.2.7b/src/w_msgpanel.c:812:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(format, "%%.%df square %%s", cur_dimline_prec);
data/xfig-3.2.7b/src/w_msgpanel.c:813:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, format, length /
data/xfig-3.2.7b/src/w_print.c:179:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(cmd) != 0)
data/xfig-3.2.7b/src/w_print.c:184:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd, param_val);
data/xfig-3.2.7b/src/w_print.c:188:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd2, c1+2); /* save tail */
data/xfig-3.2.7b/src/w_print.c:189:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c1, cur_filename); /* change %f to filename */
data/xfig-3.2.7b/src/w_print.c:190:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(c1, cmd2); /* append tail */
data/xfig-3.2.7b/src/w_print.c:314:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(batch_file, "%s/xfig-batch.XXXXXX", TMPDIR);
data/xfig-3.2.7b/src/w_print.c:538:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
val = strtok(strcpy(buf, grid_choices[grid_minor]), " ");
data/xfig-3.2.7b/src/w_print.c:562:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
val = strtok(strcpy(buf, grid_choices[grid_major]), " ");
data/xfig-3.2.7b/src/w_print.c:595:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Fig Size: %.1f%s x %.1f%s",
data/xfig-3.2.7b/src/w_print.c:749:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Fig Size: %.1f%s x %.1f%s ",
data/xfig-3.2.7b/src/w_rulers.c:351:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"1%s = %.2f%s", appres.INCHES? "in": "cm",
data/xfig-3.2.7b/src/w_rulers.c:354:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_fig_units, appres.INCHES ? "in" : "cm");
data/xfig-3.2.7b/src/w_rulers.c:590:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"1%s = %.2f%s",
data/xfig-3.2.7b/src/w_rulers.c:613:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf,"1%s = %.2f%s", appres.INCHES? "in":"cm", appres.userscale, cur_fig_units);
data/xfig-3.2.7b/src/w_rulers.c:1204:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(number, sizeof(number), precstr, (float)(1.0 * i / tickmod));
data/xfig-3.2.7b/src/w_rulers.c:1463:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(number, sizeof(number), precstr, (float)(1.0 * i / tickmod));
data/xfig-3.2.7b/src/w_srchrepl.c:206:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, dst);
data/xfig-3.2.7b/src/w_srchrepl.c:217:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, &t->cstring[j]);
data/xfig-3.2.7b/src/w_srchrepl.c:227:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->cstring, str);
data/xfig-3.2.7b/src/w_srchrepl.c:276:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(tmpstr, format, ap );
data/xfig-3.2.7b/src/w_srchrepl.c:307:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(tmpstr, format, ap );
data/xfig-3.2.7b/src/w_srchrepl.c:822:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(cmd, "r");
data/xfig-3.2.7b/src/w_srchrepl.c:891:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(selected_word, ret_struct->string);
data/xfig-3.2.7b/src/w_srchrepl.c:922:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(tmpstr, format, ap );
data/xfig-3.2.7b/src/w_style.c:290:30: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
i < MAX_STYLE_ELEMENT && sscanf (string, "%s : %s", name, value) == 2) {
data/xfig-3.2.7b/src/w_style.c:369:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, xfigrc_name);
data/xfig-3.2.7b/src/w_style.c:388:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, xfigrc_name);
data/xfig-3.2.7b/src/w_style.c:650:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ftemp, fval);
data/xfig-3.2.7b/src/w_style.c:653:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (stemp, sval);
data/xfig-3.2.7b/src/w_util.c:572:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", colorNames[color + 1].name);
data/xfig-3.2.7b/src/w_util.c:1295:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, format, floatval);
data/xfig-3.2.7b/src/w_util.c:1428:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if (strlen(name)==0) sprintf(wm_title, "%s - No file", tool_name);
data/xfig-3.2.7b/src/w_util.c:1429:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(wm_title, "Xfig - %s", xf_basename(name));
data/xfig-3.2.7b/src/w_util.c:1696:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nam,name);
data/xfig-3.2.7b/src/f_readeps.c:316:10: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(tmpfile, psnam)) {
data/xfig-3.2.7b/src/f_util.c:134:21: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
extern char *getwd();
data/xfig-3.2.7b/src/f_util.c:136:9: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
if (getwd(direct) == NULL) { /* get current working dir */
data/xfig-3.2.7b/src/f_util.c:562:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom( (int) (time((time_t *)NULL)^getpid()) );
data/xfig-3.2.7b/src/f_util.c:565:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
thiserr[col] = ( random() % FS_SCALE - HALF_FS_SCALE) / 4;
data/xfig-3.2.7b/src/fig.h:128:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/xfig-3.2.7b/src/fig.h:137:14: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long lrand48();
data/xfig-3.2.7b/src/fig.h:138:16: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern double drand48();
data/xfig-3.2.7b/src/fig.h:139:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(seed) srand48((seed))
data/xfig-3.2.7b/src/fig.h:140:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() lrand48()
data/xfig-3.2.7b/src/fig.h:140:18: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() lrand48()
data/xfig-3.2.7b/src/fig.h:141:19: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define frandom() drand48()
data/xfig-3.2.7b/src/fig.h:144:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(seed) srand48((long)(seed))
data/xfig-3.2.7b/src/fig.h:145:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() lrand48()
data/xfig-3.2.7b/src/fig.h:145:18: [3] (random) lrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() lrand48()
data/xfig-3.2.7b/src/fig.h:146:19: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define frandom() drand48()
data/xfig-3.2.7b/src/fig.h:149:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern long random();
data/xfig-3.2.7b/src/fig.h:150:14: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern void srandom(unsigned int);
data/xfig-3.2.7b/src/fig.h:153:14: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
extern void srandom(int);
data/xfig-3.2.7b/src/fig.h:158:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define frandom() (random()*(1./2147483648.))
data/xfig-3.2.7b/src/fig.h:191:19: [3] (random) drand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define frandom() drand48()
data/xfig-3.2.7b/src/main.c:663:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((TMPDIR = getenv("XFIGTMPDIR"))==NULL) {
data/xfig-3.2.7b/src/main.c:664:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((TMPDIR = getenv("TMPDIR")) == NULL)
data/xfig-3.2.7b/src/main.c:795:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((fig2dev_path = getenv("FIG2DEV_DIR"))==NULL)
data/xfig-3.2.7b/src/main.c:1687:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
userhome = getenv("HOME");
data/xfig-3.2.7b/src/resources.h:414:32: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
#define XFIG_ENV_GIF_EDITOR getenv("XFIG_GIF_EDITOR")
data/xfig-3.2.7b/src/w_canvas.c:801:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(line, getenv("HOME"));
data/xfig-3.2.7b/src/w_dir.c:249:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strcpy(longpath,getenv("HOME"));
data/xfig-3.2.7b/src/w_help.c:53:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (appres.international && getenv("LANG")) {
data/xfig-3.2.7b/src/w_help.c:55:59: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sprintf(filename, "%s/html/%s/index.html", XFIGDOCDIR, getenv("LANG"));
data/xfig-3.2.7b/src/w_i18n.c:719:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
s = getenv("LANG");
data/xfig-3.2.7b/src/w_print.c:982:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
printer_val=getenv("PRINTER");
data/xfig-3.2.7b/src/SimpleMenu.c:610:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buf[BUFSIZ];
data/xfig-3.2.7b/src/SimpleMenu.c:619:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buf[BUFSIZ];
data/xfig-3.2.7b/src/SimpleMenu.c:826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buf[BUFSIZ];
data/xfig-3.2.7b/src/SimpleMenu.c:996:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buf[BUFSIZ];
data/xfig-3.2.7b/src/SmeBSB.c:646:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/xfig-3.2.7b/src/Xfuncs.h:33:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void bcopy();
data/xfig-3.2.7b/src/Xfuncs.h:38:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(b1,b2,len) memmove(b2, b1, (size_t)(len))
data/xfig-3.2.7b/src/Xfuncs.h:48:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy _XBCOPYFUNC
data/xfig-3.2.7b/src/Xfuncs.h:51:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void bcopy();
data/xfig-3.2.7b/src/Xfuncs.h:55:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
void bcopy();
data/xfig-3.2.7b/src/d_text.c:90:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[BUF_SIZE], /* part of string left of mouse click */
data/xfig-3.2.7b/src/d_text.c:136:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text_selection[500] = {'\0'};
data/xfig-3.2.7b/src/d_text.c:169:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char preedit_filename[PATH_MAX] = "";
data/xfig-3.2.7b/src/d_text.c:846:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[2];
data/xfig-3.2.7b/src/d_text.c:1464:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char substr[200];
data/xfig-3.2.7b/src/d_text.c:2172:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((fp = fopen(preedit_filename, "r")) != NULL) {
data/xfig-3.2.7b/src/e_chop.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*this_line)->for_arrow, l->for_arrow, sizeof(F_arrow));
data/xfig-3.2.7b/src/e_chop.c:187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*this_line)->back_arrow, l->back_arrow, sizeof(F_arrow));
data/xfig-3.2.7b/src/e_delete.c:257:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(cut_buf_name, "wb")) == NULL) {
data/xfig-3.2.7b/src/e_edit.c:223:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/xfig-3.2.7b/src/e_edit.c:415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[13];
data/xfig-3.2.7b/src/e_edit.c:939:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", orig_ratio);
data/xfig-3.2.7b/src/e_edit.c:979:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", orig_ratio);
data/xfig-3.2.7b/src/e_edit.c:1008:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", orig_ratio);
data/xfig-3.2.7b/src/e_edit.c:1045:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", orig_ratio);
data/xfig-3.2.7b/src/e_edit.c:1133:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Minimum: %d", min_compound_depth);
data/xfig-3.2.7b/src/e_edit.c:1144:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Maximum: %d", find_largest_depth(c));
data/xfig-3.2.7b/src/e_edit.c:1713:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%4d x %4d",
data/xfig-3.2.7b/src/e_edit.c:1716:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf," -- ");
data/xfig-3.2.7b/src/e_edit.c:1755:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%3d",new_l->pic->pic_cache->numcols);
data/xfig-3.2.7b/src/e_edit.c:1757:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"N/A");
data/xfig-3.2.7b/src/e_edit.c:1792:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"None");
data/xfig-3.2.7b/src/e_edit.c:1794:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%4d",(unsigned int) new_l->pic->pic_cache->transp);
data/xfig-3.2.7b/src/e_edit.c:1796:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf," N/A");
data/xfig-3.2.7b/src/e_edit.c:1961:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longname[PATH_MAX];
data/xfig-3.2.7b/src/e_edit.c:1981:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_l->radius = atoi(panel_get_value(radius));
data/xfig-3.2.7b/src/e_edit.c:1994:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_l->depth = atoi(panel_get_value(depth_panel));
data/xfig-3.2.7b/src/e_edit.c:2015:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", ratio);
data/xfig-3.2.7b/src/e_edit.c:2055:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d x %d",
data/xfig-3.2.7b/src/e_edit.c:2063:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"--");
data/xfig-3.2.7b/src/e_edit.c:2098:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%3d",new_l->pic->pic_cache->numcols);
data/xfig-3.2.7b/src/e_edit.c:2100:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"N/A");
data/xfig-3.2.7b/src/e_edit.c:2106:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"None");
data/xfig-3.2.7b/src/e_edit.c:2108:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%4d",(unsigned int) new_l->pic->pic_cache->transp);
data/xfig-3.2.7b/src/e_edit.c:2110:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf," N/A");
data/xfig-3.2.7b/src/e_edit.c:2114:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", new_l->pic->hw_ratio);
data/xfig-3.2.7b/src/e_edit.c:2417:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_t->size = atoi(panel_get_value(cur_fontsize_panel));
data/xfig-3.2.7b/src/e_edit.c:2423:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_t->depth = atoi(panel_get_value(depth_panel));
data/xfig-3.2.7b/src/e_edit.c:2576:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_e->angle = M_PI / 180 * atoi(panel_get_value(angle_panel));
data/xfig-3.2.7b/src/e_edit.c:2940:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
generic_vals.thickness = atoi(panel_get_value(thickness_panel));
data/xfig-3.2.7b/src/e_edit.c:2945:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
generic_vals.depth = atoi(panel_get_value(depth_panel));
data/xfig-3.2.7b/src/e_edit.c:2969:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((fill = atoi(val)) > 200 ||
data/xfig-3.2.7b/src/e_edit.c:2982:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((fill = atoi(val)) >= NUMPATTERNS)
data/xfig-3.2.7b/src/e_edit.c:3702:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(sval);
data/xfig-3.2.7b/src/e_edit.c:3736:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(sval);
data/xfig-3.2.7b/src/e_edit.c:4096:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", x);
data/xfig-3.2.7b/src/e_edit.c:4110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[10];
data/xfig-3.2.7b/src/e_edit.c:4123:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fmt, "%%.%df", prec);
data/xfig-3.2.7b/src/e_edit.c:4148:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", x);
data/xfig-3.2.7b/src/e_edit.c:4175:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", x);
data/xfig-3.2.7b/src/e_edit.c:4207:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(labelname,"_label");
data/xfig-3.2.7b/src/e_edit.c:4209:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(textname,"_text");
data/xfig-3.2.7b/src/e_edit.c:4447:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/xfig-3.2.7b/src/e_edit.c:4511:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "X%d =", j);
data/xfig-3.2.7b/src/e_edit.c:4531:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Y%d =", j);
data/xfig-3.2.7b/src/e_edit.c:4565:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", npts);
data/xfig-3.2.7b/src/e_edit.c:4649:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", x);
data/xfig-3.2.7b/src/e_edit.c:4652:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.4lf", dval);
data/xfig-3.2.7b/src/e_edit.c:4669:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/xfig-3.2.7b/src/e_edit.c:4688:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", ival);
data/xfig-3.2.7b/src/e_edit.c:4735:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/xfig-3.2.7b/src/e_edit.c:4998:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.1f", ratio);
data/xfig-3.2.7b/src/e_edit.c:5137:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(sval);
data/xfig-3.2.7b/src/e_edit.c:5158:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fill = atoi(sval);
data/xfig-3.2.7b/src/e_edit.c:5209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/xfig-3.2.7b/src/e_edit.c:5295:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
depth = atoi(panel_get_value(depth_panel));
data/xfig-3.2.7b/src/e_edit.c:5308:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thick = atoi(panel_get_value(thickness_panel));
data/xfig-3.2.7b/src/e_edit.c:5340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[PATH_MAX],tmpname[PATH_MAX];
data/xfig-3.2.7b/src/e_edit.c:5340:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[PATH_MAX],tmpname[PATH_MAX];
data/xfig-3.2.7b/src/e_edit.c:5353:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tmpname, "NoName"); /* no name, use "NoName" */
data/xfig-3.2.7b/src/e_edit.c:5360:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf(tmpfile,"%s_%ld.png",tmpname,tim);
data/xfig-3.2.7b/src/e_edit.c:5364:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (captureImage(popup, tmpfile) == True) {
data/xfig-3.2.7b/src/e_edit.c:5365:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
panel_set_value(pic_name_panel, tmpfile);
data/xfig-3.2.7b/src/e_edit.c:5378:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[20];
data/xfig-3.2.7b/src/e_edit.c:5380:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[PATH_MAX];
data/xfig-3.2.7b/src/e_edit.c:5381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[PATH_MAX];
data/xfig-3.2.7b/src/e_edit.c:5456:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Maximum: %d", min_compound_depth);
data/xfig-3.2.7b/src/e_scale.c:827:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80], comment[100];
data/xfig-3.2.7b/src/f_load.c:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/xfig-3.2.7b/src/f_load.c:132:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname," (new file)");
data/xfig-3.2.7b/src/f_load.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/xfig-3.2.7b/src/f_load.c:207:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.2f",appres.magnification);
data/xfig-3.2.7b/src/f_load.c:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, path[PATH_MAX], num[3];
data/xfig-3.2.7b/src/f_load.c:333:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%1d",i+1);
data/xfig-3.2.7b/src/f_picobj.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20],realname[PATH_MAX];
data/xfig-3.2.7b/src/f_picobj.c:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unc[PATH_MAX+20]; /* temp buffer for gunzip command */
data/xfig-3.2.7b/src/f_picobj.c:273:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(retname, ".Z");
data/xfig-3.2.7b/src/f_picobj.c:280:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(retname, ".z");
data/xfig-3.2.7b/src/f_picobj.c:287:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(retname, ".gz");
data/xfig-3.2.7b/src/f_picobj.c:316:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstream = fopen(name, "rb");
data/xfig-3.2.7b/src/f_picobj.c:329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SIZE];
data/xfig-3.2.7b/src/f_read.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUF_SIZE]; /* input buffer */
data/xfig-3.2.7b/src/f_read.c:88:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *comments[MAXCOMMENTS]; /* comments saved for current object */
data/xfig-3.2.7b/src/f_read.c:206:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "r")) == NULL)
data/xfig-3.2.7b/src/f_read.c:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char versstring[10];
data/xfig-3.2.7b/src/f_read.c:326:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
settings->magnification = atoi(buf);
data/xfig-3.2.7b/src/f_read.c:349:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
settings->transparent = atoi(buf);
data/xfig-3.2.7b/src/f_read.c:577:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(size,"tabloid");
data/xfig-3.2.7b/src/f_read.c:877:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char picfile[PATH_MAX];
data/xfig-3.2.7b/src/f_read.c:965:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[PATH_MAX];
data/xfig-3.2.7b/src/f_read.c:1299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[BUF_SIZE], s_temp[BUF_SIZE], junk[2];
data/xfig-3.2.7b/src/f_readeps.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/xfig-3.2.7b/src/f_readeps.c:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/xfig-3.2.7b/src/f_readeps.c:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[PATH_MAX],
data/xfig-3.2.7b/src/f_readeps.c:261:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[PATH_MAX],
data/xfig-3.2.7b/src/f_readeps.c:270:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strcpy(tmpfile, pic->pic_cache->file);
data/xfig-3.2.7b/src/f_readeps.c:276:22: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
file = open_picfile(tmpfile, &filetype, PIPEOK, pixnam);
data/xfig-3.2.7b/src/f_readeps.c:277:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf(tmpfile, sizeof(tmpfile), "%s/xfig-eps.XXXXXX", TMPDIR);
data/xfig-3.2.7b/src/f_readeps.c:277:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf(tmpfile, sizeof(tmpfile), "%s/xfig-eps.XXXXXX", TMPDIR);
data/xfig-3.2.7b/src/f_readeps.c:278:14: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(tmpfile)) == -1 || (tmpfp = fdopen(fd, "wb")) == NULL) {
data/xfig-3.2.7b/src/f_readeps.c:278:22: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((fd = mkstemp(tmpfile)) == -1 || (tmpfp = fdopen(fd, "wb")) == NULL) {
data/xfig-3.2.7b/src/f_readeps.c:280:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
unlink(tmpfile);
data/xfig-3.2.7b/src/f_readeps.c:283:48: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
file_msg("Couldn't open tmp file %s, %s", tmpfile, strerror(errno));
data/xfig-3.2.7b/src/f_readeps.c:292:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(pixnam)) == -1) {
data/xfig-3.2.7b/src/f_readeps.c:300:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(errnam)) == -1) {
data/xfig-3.2.7b/src/f_readeps.c:316:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (!realpath(tmpfile, psnam)) {
data/xfig-3.2.7b/src/f_readeps.c:317:43: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
file_msg("Cannot canonicalize %s: %s\n", tmpfile, strerror(errno));
data/xfig-3.2.7b/src/f_readeps.c:368:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
unlink(tmpfile);
data/xfig-3.2.7b/src/f_readeps.c:370:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (status != 0 || (pixfile = fopen(pixnam, "rb")) == NULL) {
data/xfig-3.2.7b/src/f_readeps.c:371:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *errfile = fopen(errnam, "r");
data/xfig-3.2.7b/src/f_readeps.c:422:50: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
pcxfile = open_picfile(pixnam, &filtyp, PIPEOK, tmpfile);
data/xfig-3.2.7b/src/f_readgif.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFLEN],pcxname[PATH_MAX];
data/xfig-3.2.7b/src/f_readgif.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4];
data/xfig-3.2.7b/src/f_readgif.c:177:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(pcxname)) == -1) {
data/xfig-3.2.7b/src/f_readgif.c:195:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((giftopcx = fopen(pcxname, "rb")) == NULL) {
data/xfig-3.2.7b/src/f_readgif.c:236:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgb[3];
data/xfig-3.2.7b/src/f_readgif.c:253:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[256];
data/xfig-3.2.7b/src/f_readgif.c:283:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "UNKNOWN (0x%02x)", label);
data/xfig-3.2.7b/src/f_readjpg.c:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[JMSG_LENGTH_MAX];
data/xfig-3.2.7b/src/f_readjpg.c:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[JMSG_LENGTH_MAX];
data/xfig-3.2.7b/src/f_readold.c:474:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/xfig-3.2.7b/src/f_readpng.c:191:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row_pointers[i], ptr, rowsize);
data/xfig-3.2.7b/src/f_readppm.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFLEN],pcxname[PATH_MAX];
data/xfig-3.2.7b/src/f_readppm.c:41:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(pcxname)) == -1) {
data/xfig-3.2.7b/src/f_readppm.c:59:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((giftopcx = fopen(pcxname, "rb")) == NULL) {
data/xfig-3.2.7b/src/f_readtif.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2*PATH_MAX+40],pcxname[PATH_MAX];
data/xfig-3.2.7b/src/f_readtif.c:40:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(pcxname)) == -1) {
data/xfig-3.2.7b/src/f_readtif.c:58:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tiftopcx = fopen(pcxname, "rb")) == NULL) {
data/xfig-3.2.7b/src/f_readxbm.c:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_SIZE]; /* input line from file */
data/xfig-3.2.7b/src/f_readxbm.c:196:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_and_type[MAX_SIZE]; /* an input line */
data/xfig-3.2.7b/src/f_save.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char save_cur_dir[PATH_MAX];
data/xfig-3.2.7b/src/f_save.c:78:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "wb")) == NULL) {
data/xfig-3.2.7b/src/f_save.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[40], *com;
data/xfig-3.2.7b/src/f_save.c:592:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(file_name, "wb")) == NULL)
data/xfig-3.2.7b/src/f_util.c:112:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[180];
data/xfig-3.2.7b/src/f_util.c:675:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plainname[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:677:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:677:14: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:678:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unc[PATH_MAX+20]; /* temp buffer for uncompress/gunzip command */
data/xfig-3.2.7b/src/f_util.c:682:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strcpy(tmpfile, name); /* save original name */
data/xfig-3.2.7b/src/f_util.c:704:21: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strcpy(name, tmpfile);
data/xfig-3.2.7b/src/f_util.c:728:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf(tmpfile, "%s%s", TMPDIR, c);
data/xfig-3.2.7b/src/f_util.c:730:12: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf(tmpfile, "%s/%s", TMPDIR, plainname);
data/xfig-3.2.7b/src/f_util.c:731:50: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf(unc, "gunzip -q -c %s > %s", name, tmpfile);
data/xfig-3.2.7b/src/f_util.c:736:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
strcpy(name, tmpfile);
data/xfig-3.2.7b/src/f_util.c:750:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[RC_BUFSIZ+1], *word, *opnd;
data/xfig-3.2.7b/src/f_util.c:759:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(xfigrc_name,"/.xfigrc");
data/xfig-3.2.7b/src/f_util.c:760:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xfigrc = fopen(xfigrc_name,"r");
data/xfig-3.2.7b/src/f_util.c:778:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_recent_files = min2(MAX_RECENT_FILES, atoi(opnd));
data/xfig-3.2.7b/src/f_util.c:803:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpname[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:844:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[RC_BUFSIZ+1], *tok;
data/xfig-3.2.7b/src/f_util.c:851:15: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(tmpname)) == -1 || (tmpf = fdopen(fd, "wb")) == NULL) {
data/xfig-3.2.7b/src/f_util.c:861:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xfigrc = fopen(xfigrc_name,"r");
data/xfig-3.2.7b/src/f_util.c:865:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
xfigrc = fopen(xfigrc_name,"wb");
data/xfig-3.2.7b/src/f_util.c:1029:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[PATH_MAX];
data/xfig-3.2.7b/src/f_util.c:1089:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd2[PATH_MAX*2];
data/xfig-3.2.7b/src/f_util.c:1108:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmd," 2> /dev/null &");
data/xfig-3.2.7b/src/main.c:646:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[PATH_MAX];
data/xfig-3.2.7b/src/main.c:768:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy ((char *) argv, (char *) xargv, argc * sizeof (char *));
data/xfig-3.2.7b/src/main.c:796:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fig2dev_cmd, "fig2dev");
data/xfig-3.2.7b/src/main.c:1692:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cut_buf_name, "/.xfig");
data/xfig-3.2.7b/src/main.c:1696:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(cut_buf_name)) == -1) {
data/xfig-3.2.7b/src/main.c:1936:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mapping[3];
data/xfig-3.2.7b/src/mode.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *grid_name[NUM_GRID_UNITS][GRID_4+1] = {
data/xfig-3.2.7b/src/mode.c:68:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_fig_units[200];
data/xfig-3.2.7b/src/mode.c:69:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_library_dir[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_image_editor[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_spellchk[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_browser[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_pdfviewer[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:85:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char batch_file[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:248:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EMPTY_PIC[8] = "<empty>";
data/xfig-3.2.7b/src/mode.c:252:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_file_dir[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:253:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_export_dir[PATH_MAX];
data/xfig-3.2.7b/src/mode.c:254:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_filename[PATH_MAX] = "";
data/xfig-3.2.7b/src/mode.c:255:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_filename[PATH_MAX] = ""; /* to undo load */
data/xfig-3.2.7b/src/mode.c:256:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_header[32];
data/xfig-3.2.7b/src/mode.c:257:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cut_buf_name[PATH_MAX]; /* path of .xfig cut buffer file */
data/xfig-3.2.7b/src/mode.c:258:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xfigrc_name[PATH_MAX]; /* path of .xfigrc file */
data/xfig-3.2.7b/src/mode.h:140:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *grid_name[NUM_GRID_UNITS][GRID_4+1];
data/xfig-3.2.7b/src/mode.h:176:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cur_fig_units[200];
data/xfig-3.2.7b/src/mode.h:177:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cur_library_dir[PATH_MAX];
data/xfig-3.2.7b/src/mode.h:178:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cur_image_editor[PATH_MAX];
data/xfig-3.2.7b/src/mode.h:179:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cur_spellchk[PATH_MAX];
data/xfig-3.2.7b/src/mode.h:180:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cur_browser[PATH_MAX];
data/xfig-3.2.7b/src/mode.h:181:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cur_pdfviewer[PATH_MAX];
data/xfig-3.2.7b/src/mode.h:257:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *lang_items[NUM_EXP_LANG];
data/xfig-3.2.7b/src/mode.h:258:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *lang_texts[NUM_EXP_LANG];
data/xfig-3.2.7b/src/mode.h:327:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char EMPTY_PIC[8];
data/xfig-3.2.7b/src/pcx.h:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char egapal[48]; /* 10h 16-Color EGA Palette */
data/xfig-3.2.7b/src/pcx.h:37:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fill[54]; /* 4Ah reserv */
data/xfig-3.2.7b/src/resources.c:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xfig_version[100];
data/xfig-3.2.7b/src/resources.c:82:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orig_dir[PATH_MAX+2];
data/xfig-3.2.7b/src/resources.c:107:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tool_name[200];
data/xfig-3.2.7b/src/resources.c:111:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minor_grid[40], major_grid[40]; /* export/print grid values */
data/xfig-3.2.7b/src/resources.c:189:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fig2dev_cmd[PATH_MAX];
data/xfig-3.2.7b/src/resources.h:138:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char orig_dir[PATH_MAX+2];
data/xfig-3.2.7b/src/resources.h:148:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *short_clrNames[NUM_STD_COLS + 1];
data/xfig-3.2.7b/src/resources.h:164:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tool_name[200];
data/xfig-3.2.7b/src/resources.h:170:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char minor_grid[40], major_grid[40]; /* export/print grid values */
data/xfig-3.2.7b/src/resources.h:395:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char fig2dev_cmd[PATH_MAX];
data/xfig-3.2.7b/src/resources.h:401:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *orient_items[2];
data/xfig-3.2.7b/src/resources.h:402:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *just_items[2];
data/xfig-3.2.7b/src/resources.h:404:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *multiple_pages[2], *overlap_pages[2];
data/xfig-3.2.7b/src/resources.h:408:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *offset_unit_items[3];
data/xfig-3.2.7b/src/u_create.c:518:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(l->pic, line->pic, PIC_SIZE);
data/xfig-3.2.7b/src/u_draw.c:151:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bufx[10]; /* for appres.shownums */
data/xfig-3.2.7b/src/u_draw.c:261:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%d",i);
data/xfig-3.2.7b/src/u_draw.c:693:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%d",i++);
data/xfig-3.2.7b/src/u_draw.c:748:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%d",i++);
data/xfig-3.2.7b/src/u_draw.c:964:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tdata, data + j * nbytes, nbytes);
data/xfig-3.2.7b/src/u_draw.c:972:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data + jnb, tdata, nbytes);
data/xfig-3.2.7b/src/u_draw.c:973:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data + (height - j - 1) * nbytes, data + jnb, nbytes);
data/xfig-3.2.7b/src/u_draw.c:974:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tdata, data + (height - j - 1) * nbytes, nbytes);
data/xfig-3.2.7b/src/u_draw.c:1203:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bits[8] = { 1,2,4,8,16,32,64,128 };
data/xfig-3.2.7b/src/u_draw.c:2024:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/xfig-3.2.7b/src/u_draw.c:2028:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%d",depth);
data/xfig-3.2.7b/src/u_draw.c:2061:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%d",i++);
data/xfig-3.2.7b/src/u_error.c:62:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[MAXERRMSGLEN];
data/xfig-3.2.7b/src/u_error.c:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ernum[10];
data/xfig-3.2.7b/src/u_error.c:72:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(ernum, "%d", (int)err_ev->request_code);
data/xfig-3.2.7b/src/u_error.c:96:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (emergency_save(strcat(TMPDIR,"/SAVE.fig")) == -1)
data/xfig-3.2.7b/src/u_print.c:99:24: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
write_tmpfigfile(char *tmpfile, size_t len, char *template)
data/xfig-3.2.7b/src/u_print.c:103:11: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
snprintf(tmpfile, len, "%s/%s.XXXXXX", TMPDIR, template);
data/xfig-3.2.7b/src/u_print.c:105:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(tmpfile)) == -1) {
data/xfig-3.2.7b/src/u_print.c:105:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if ((fd = mkstemp(tmpfile)) == -1) {
data/xfig-3.2.7b/src/u_print.c:107:5: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tmpfile, strerror(errno));
data/xfig-3.2.7b/src/u_print.c:113:17: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (write_file(tmpfile, False)) {
data/xfig-3.2.7b/src/u_print.c:140:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(cmd + n, " -m %.4g", appres.magnification/100.);
data/xfig-3.2.7b/src/u_print.c:147:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(cmd + n, " -K");
data/xfig-3.2.7b/src/u_print.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layers[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char syspr[2*PATH_MAX+200];
data/xfig-3.2.7b/src/u_print.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prcmd[2*PATH_MAX+200];
data/xfig-3.2.7b/src/u_print.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpcmd[255];
data/xfig-3.2.7b/src/u_print.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpfile[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:162:7: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
char tmpfile[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:166:23: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (write_tmpfigfile(tmpfile, sizeof(tmpfile), "xfig-print"))
data/xfig-3.2.7b/src/u_print.c:166:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (write_tmpfigfile(tmpfile, sizeof(tmpfile), "xfig-print"))
data/xfig-3.2.7b/src/u_print.c:173:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
name = tmpfile;
data/xfig-3.2.7b/src/u_print.c:187:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(tmpcmd + n, " -F");
data/xfig-3.2.7b/src/u_print.c:190:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(tmpcmd + n, " -c");
data/xfig-3.2.7b/src/u_print.c:193:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(tmpcmd + n, " -M");
data/xfig-3.2.7b/src/u_print.c:205:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
sprintf(prcmd, "%s %s | %s", tmpcmd, tmpfile, syspr);
data/xfig-3.2.7b/src/u_print.c:224:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
remove(tmpfile);
data/xfig-3.2.7b/src/u_print.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layers[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prcmd[2*PATH_MAX+200];
data/xfig-3.2.7b/src/u_print.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpcmd[255];
data/xfig-3.2.7b/src/u_print.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_name[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_fig_file[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:306:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -F");
data/xfig-3.2.7b/src/u_print.c:312:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -b %d", border);
data/xfig-3.2.7b/src/u_print.c:323:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -P");
data/xfig-3.2.7b/src/u_print.c:329:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -x %d", xoff);
data/xfig-3.2.7b/src/u_print.c:331:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -y %d", yoff);
data/xfig-3.2.7b/src/u_print.c:334:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n," -M");
data/xfig-3.2.7b/src/u_print.c:336:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -O");
data/xfig-3.2.7b/src/u_print.c:339:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n," -c");
data/xfig-3.2.7b/src/u_print.c:347:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -A");
data/xfig-3.2.7b/src/u_print.c:350:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -C xxx");
data/xfig-3.2.7b/src/u_print.c:353:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -T");
data/xfig-3.2.7b/src/u_print.c:376:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpcmd, ".eps");
data/xfig-3.2.7b/src/u_print.c:381:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmpcmd, ".pdf");
data/xfig-3.2.7b/src/u_print.c:409:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_name, "_t");
data/xfig-3.2.7b/src/u_print.c:419:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -b %d", border);
data/xfig-3.2.7b/src/u_print.c:441:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -b %d", border);
data/xfig-3.2.7b/src/u_print.c:446:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -F");
data/xfig-3.2.7b/src/u_print.c:454:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(suf, ".pdf'");
data/xfig-3.2.7b/src/u_print.c:456:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outfile, ".pdf'");
data/xfig-3.2.7b/src/u_print.c:464:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n," -F");
data/xfig-3.2.7b/src/u_print.c:467:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -k");
data/xfig-3.2.7b/src/u_print.c:473:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -P");
data/xfig-3.2.7b/src/u_print.c:481:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prcmd + n, " -b %d", border);
data/xfig-3.2.7b/src/u_print.c:511:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n,
data/xfig-3.2.7b/src/u_print.c:517:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -b %d", border);
data/xfig-3.2.7b/src/u_print.c:520:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -S %d", appres.smooth_factor);
data/xfig-3.2.7b/src/u_print.c:523:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -F");
data/xfig-3.2.7b/src/u_print.c:556:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n += sprintf(prcmd + n, " -P");
data/xfig-3.2.7b/src/u_print.c:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errfname[PATH_MAX];
data/xfig-3.2.7b/src/u_print.c:633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[400];
data/xfig-3.2.7b/src/u_print.c:638:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(errfname)) == -1) {
data/xfig-3.2.7b/src/u_print.c:646:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(command, " 2> ");
data/xfig-3.2.7b/src/u_print.c:653:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((errfile = fopen(errfname, "r")) == NULL) {
data/xfig-3.2.7b/src/u_print.c:683:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rgb_string,"#%02x%02x%02x",
data/xfig-3.2.7b/src/u_print.c:697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char list[PATH_MAX], notlist[PATH_MAX], num[10];
data/xfig-3.2.7b/src/u_print.c:775:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%0d",first);
data/xfig-3.2.7b/src/u_print.c:777:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%0d:%d",first,last);
data/xfig-3.2.7b/src/u_redraw.c:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[80];
data/xfig-3.2.7b/src/u_undo.c:177:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_l, (char*)&swp_l, sizeof(F_line));
data/xfig-3.2.7b/src/u_undo.c:178:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_l, (char*)old_l, sizeof(F_line));
data/xfig-3.2.7b/src/u_undo.c:179:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_l, (char*)new_l, sizeof(F_line));
data/xfig-3.2.7b/src/u_undo.c:194:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_s, (char*)&swp_s, sizeof(F_spline));
data/xfig-3.2.7b/src/u_undo.c:195:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_s, (char*)old_s, sizeof(F_spline));
data/xfig-3.2.7b/src/u_undo.c:196:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_s, (char*)new_s, sizeof(F_spline));
data/xfig-3.2.7b/src/u_undo.c:354:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_l, (char*)&swp_l, sizeof(F_line));
data/xfig-3.2.7b/src/u_undo.c:355:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_l, (char*)old_l, sizeof(F_line));
data/xfig-3.2.7b/src/u_undo.c:356:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_l, (char*)new_l, sizeof(F_line));
data/xfig-3.2.7b/src/u_undo.c:371:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_e, (char*)&swp_e, sizeof(F_ellipse));
data/xfig-3.2.7b/src/u_undo.c:372:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_e, (char*)old_e, sizeof(F_ellipse));
data/xfig-3.2.7b/src/u_undo.c:373:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_e, (char*)new_e, sizeof(F_ellipse));
data/xfig-3.2.7b/src/u_undo.c:388:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_t, (char*)&swp_t, sizeof(F_text));
data/xfig-3.2.7b/src/u_undo.c:389:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_t, (char*)old_t, sizeof(F_text));
data/xfig-3.2.7b/src/u_undo.c:390:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_t, (char*)new_t, sizeof(F_text));
data/xfig-3.2.7b/src/u_undo.c:405:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_s, (char*)&swp_s, sizeof(F_spline));
data/xfig-3.2.7b/src/u_undo.c:406:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_s, (char*)old_s, sizeof(F_spline));
data/xfig-3.2.7b/src/u_undo.c:407:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_s, (char*)new_s, sizeof(F_spline));
data/xfig-3.2.7b/src/u_undo.c:422:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_a, (char*)&swp_a, sizeof(F_arc));
data/xfig-3.2.7b/src/u_undo.c:423:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_a, (char*)old_a, sizeof(F_arc));
data/xfig-3.2.7b/src/u_undo.c:424:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_a, (char*)new_a, sizeof(F_arc));
data/xfig-3.2.7b/src/u_undo.c:439:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)old_c, (char*)&swp_c, sizeof(F_compound));
data/xfig-3.2.7b/src/u_undo.c:440:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)new_c, (char*)old_c, sizeof(F_compound));
data/xfig-3.2.7b/src/u_undo.c:441:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)&swp_c, (char*)new_c, sizeof(F_compound));
data/xfig-3.2.7b/src/u_undo.c:489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[PATH_MAX];
data/xfig-3.2.7b/src/u_undo.c:529:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[PATH_MAX];
data/xfig-3.2.7b/src/u_undo.c:643:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[PATH_MAX];
data/xfig-3.2.7b/src/w_browse.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_browse_dir[PATH_MAX]; /* current directory for browsing */
data/xfig-3.2.7b/src/w_browse.c:81:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char browse_filename[PATH_MAX];
data/xfig-3.2.7b/src/w_browse.c:82:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char local_dir[PATH_MAX];
data/xfig-3.2.7b/src/w_browse.c:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char file_viewed[PATH_MAX]; /* name of file already previewed */
data/xfig-3.2.7b/src/w_canvas.c:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/xfig-3.2.7b/src/w_canvas.c:240:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char compose_buf[2];
data/xfig-3.2.7b/src/w_canvas.c:766:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[255];
data/xfig-3.2.7b/src/w_canvas.c:808:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((st = fopen(line, "r")) == NULL) {
data/xfig-3.2.7b/src/w_capture.c:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Red[MAX_COLORMAP_SIZE],
data/xfig-3.2.7b/src/w_capture.c:93:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pngfile = fopen(filename,"wb"))==0) {
data/xfig-3.2.7b/src/w_cmdpanel.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[10];
data/xfig-3.2.7b/src/w_cmdpanel.c:376:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%1d", j + 1);
data/xfig-3.2.7b/src/w_cmdpanel.c:390:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%1d", j + 1);
data/xfig-3.2.7b/src/w_cmdpanel.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/xfig-3.2.7b/src/w_cmdpanel.c:1050:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", appres.balloon_delay);
data/xfig-3.2.7b/src/w_cmdpanel.c:1081:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",appres.freehand_resolution);
data/xfig-3.2.7b/src/w_cmdpanel.c:1095:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",max_recent_files);
data/xfig-3.2.7b/src/w_cmdpanel.c:1100:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",appres.max_image_colors);
data/xfig-3.2.7b/src/w_cmdpanel.c:1188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/xfig-3.2.7b/src/w_cmdpanel.c:1220:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(panel_get_value(bal_delay));
data/xfig-3.2.7b/src/w_cmdpanel.c:1236:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(panel_get_value(n_freehand_resolution));
data/xfig-3.2.7b/src/w_cmdpanel.c:1244:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(panel_get_value(n_recent_files));
data/xfig-3.2.7b/src/w_cmdpanel.c:1254:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[10];
data/xfig-3.2.7b/src/w_cmdpanel.c:1259:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",max_recent_files);
data/xfig-3.2.7b/src/w_cmdpanel.c:1262:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(id, "%1d", i + 1);
data/xfig-3.2.7b/src/w_cmdpanel.c:1280:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(panel_get_value(max_colors));
data/xfig-3.2.7b/src/w_cmdpanel.c:1443:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi((char *) client_data);
data/xfig-3.2.7b/src/w_cmdpanel.c:1445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX], *c;
data/xfig-3.2.7b/src/w_cmdpanel.c:1473:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int which = atoi(*params);
data/xfig-3.2.7b/src/w_cmdpanel.c:1494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80];
data/xfig-3.2.7b/src/w_cmdpanel.c:1543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80], chr[2];
data/xfig-3.2.7b/src/w_cmdpanel.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[CMD_LABEL_LEN]; /* label on the button */
data/xfig-3.2.7b/src/w_cmdpanel.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char menu_name[CMD_LABEL_LEN]; /* command name for resources */
data/xfig-3.2.7b/src/w_cmdpanel.h:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[CMD_LABEL_LEN]; /* label for mouse func and balloon */
data/xfig-3.2.7b/src/w_color.c:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[8];
data/xfig-3.2.7b/src/w_color.c:354:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str,"#000000");
data/xfig-3.2.7b/src/w_color.c:943:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/xfig-3.2.7b/src/w_color.c:952:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"User %d",col);
data/xfig-3.2.7b/src/w_color.c:1054:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/xfig-3.2.7b/src/w_color.c:1072:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%3d In use",count);
data/xfig-3.2.7b/src/w_color.c:1296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char labl[5];
data/xfig-3.2.7b/src/w_color.c:1299:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(labl,"%d", indx+NUM_STD_COLS);
data/xfig-3.2.7b/src/w_color.c:1749:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *hexvalue, tmphex[10];
data/xfig-3.2.7b/src/w_color.c:1796:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexvalue[10];
data/xfig-3.2.7b/src/w_color.c:1798:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(hexvalue, "#%02x%02x%02x",
data/xfig-3.2.7b/src/w_color.c:2080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colorname[10];
data/xfig-3.2.7b/src/w_color.c:2102:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colorname,"%d",cur_pencolor);
data/xfig-3.2.7b/src/w_color.c:2152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colorname[10];
data/xfig-3.2.7b/src/w_color.c:2174:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(colorname,"%d",cur_fillcolor);
data/xfig-3.2.7b/src/w_digitize.c:390:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char example[100];
data/xfig-3.2.7b/src/w_digitize.c:394:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq = atoi(panel_get_value(digitize_file_seq));
data/xfig-3.2.7b/src/w_dir.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char CurrentSelectionName[PATH_MAX];
data/xfig-3.2.7b/src/w_dir.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[PATH_MAX];
data/xfig-3.2.7b/src/w_dir.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longdir[PATH_MAX];
data/xfig-3.2.7b/src/w_dir.c:539:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *wild[MAX_MASKS],*cmask;
data/xfig-3.2.7b/src/w_dir.c:540:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_MASK_LEN];
data/xfig-3.2.7b/src/w_dir.c:659:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ndir[PATH_MAX];
data/xfig-3.2.7b/src/w_dir.c:789:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullpath[PATH_MAX];
data/xfig-3.2.7b/src/w_drawprim.c:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template[300];
data/xfig-3.2.7b/src/w_drawprim.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char backup_template[300];
data/xfig-3.2.7b/src/w_drawprim.c:145:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"0-0-*-*-*-*-");
data/xfig-3.2.7b/src/w_drawprim.c:153:25: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"ISO8859-*");
data/xfig-3.2.7b/src/w_drawprim.c:155:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"*-*");
data/xfig-3.2.7b/src/w_drawprim.c:174:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"*-*-*-*-*-*-");
data/xfig-3.2.7b/src/w_drawprim.c:176:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(backup_template,"*-*-*-*-*-*-");
data/xfig-3.2.7b/src/w_drawprim.c:184:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"ISO8859-*");
data/xfig-3.2.7b/src/w_drawprim.c:185:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(backup_template,"ISO8859-*");
data/xfig-3.2.7b/src/w_drawprim.c:187:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"*-*");
data/xfig-3.2.7b/src/w_drawprim.c:188:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(backup_template,"*-*");
data/xfig-3.2.7b/src/w_drawprim.c:249:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(np + 2);
data/xfig-3.2.7b/src/w_drawprim.c:252:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(np + 13);
data/xfig-3.2.7b/src/w_drawprim.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[300],back_fn[300];
data/xfig-3.2.7b/src/w_drawprim.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template[300], *sub;
data/xfig-3.2.7b/src/w_drawprim.c:346:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"%d-*-*-*-*-*-");
data/xfig-3.2.7b/src/w_drawprim.c:354:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"ISO8859-*");
data/xfig-3.2.7b/src/w_drawprim.c:356:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"*-*");
data/xfig-3.2.7b/src/w_drawprim.c:362:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"%d-*-*-*-*-*-");
data/xfig-3.2.7b/src/w_drawprim.c:370:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"ISO8859-*");
data/xfig-3.2.7b/src/w_drawprim.c:372:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template,"*-*");
data/xfig-3.2.7b/src/w_drawprim.c:404:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&template[sub-fn],"-condensed-");
data/xfig-3.2.7b/src/w_drawprim.c:419:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(&template[sub-nf->bname],"-condensed-");
data/xfig-3.2.7b/src/w_drawprim.c:633:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char shade_images[NUMSHADEPATS][128] = {
data/xfig-3.2.7b/src/w_drawprim.c:1329:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char dash_list[16][8] = {
data/xfig-3.2.7b/src/w_drawprim.c:1428:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XSetDashes(tool_d, gccache[op], 0, (char *) dash_list[op], 2);
data/xfig-3.2.7b/src/w_drawprim.c:1456:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XSetDashes(tool_d, gccache[op], 0, (char *) dash_list[op], nd);
data/xfig-3.2.7b/src/w_drawprim.h:110:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char shade_images[NUMSHADEPATS][128];
data/xfig-3.2.7b/src/w_export.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_export_file[PATH_MAX];
data/xfig-3.2.7b/src/w_export.c:79:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char save_export_dir[PATH_MAX];
data/xfig-3.2.7b/src/w_export.c:126:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char named_file[60];
data/xfig-3.2.7b/src/w_export.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transparent[10], backgrnd[10], grid[80];
data/xfig-3.2.7b/src/w_export.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/xfig-3.2.7b/src/w_export.c:272:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_export_file,"NoName.tif");
data/xfig-3.2.7b/src/w_export.c:274:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_export_file,"NoName.jpg");
data/xfig-3.2.7b/src/w_export.c:277:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_export_file,"NoName.pdf");
data/xfig-3.2.7b/src/w_export.c:335:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(transparent,"#%02x%02x%02x",
data/xfig-3.2.7b/src/w_export.c:344:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(transparent,"#%02x%02x%02x",
data/xfig-3.2.7b/src/w_export.c:534:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[100];
data/xfig-3.2.7b/src/w_export.c:539:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mask, "*.tif");
data/xfig-3.2.7b/src/w_export.c:541:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mask, "*.jpg");
data/xfig-3.2.7b/src/w_export.c:544:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mask, "*.pdf");
data/xfig-3.2.7b/src/w_export.c:546:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mask, "*.eps");
data/xfig-3.2.7b/src/w_export.c:624:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_GRID_STRLEN];
data/xfig-3.2.7b/src/w_export.c:648:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_GRID_STRLEN];
data/xfig-3.2.7b/src/w_export.c:834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/xfig-3.2.7b/src/w_export.c:855:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_export.c:888:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_export.c:901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_export.c:907:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_export.c:927:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_export.c:933:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_export.c:944:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_export.c:950:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",appres.jpeg_quality);
data/xfig-3.2.7b/src/w_export.c:960:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_export.c:998:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_export.c:1121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/xfig-3.2.7b/src/w_export.c:1186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", appres.magnification);
data/xfig-3.2.7b/src/w_export.c:1243:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",appres.export_margin);
data/xfig-3.2.7b/src/w_export.c:1475:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",appres.jpeg_quality);
data/xfig-3.2.7b/src/w_export.c:1964:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(default_export_file, ".tif");
data/xfig-3.2.7b/src/w_export.c:1966:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(default_export_file, ".jpg");
data/xfig-3.2.7b/src/w_export.c:1969:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(default_export_file, ".pdf");
data/xfig-3.2.7b/src/w_export.c:1972:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(default_export_file, ".eps");
data/xfig-3.2.7b/src/w_file.c:89:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char save_file_dir[PATH_MAX];
data/xfig-3.2.7b/src/w_file.c:96:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40];
data/xfig-3.2.7b/src/w_file.c:232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX], fname[PATH_MAX];
data/xfig-3.2.7b/src/w_file.c:243:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname,".fig");
data/xfig-3.2.7b/src/w_file.c:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/xfig-3.2.7b/src/w_file.c:343:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname,".fig");
data/xfig-3.2.7b/src/w_file.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fval, fname[PATH_MAX];
data/xfig-3.2.7b/src/w_file.c:390:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname,".fig");
data/xfig-3.2.7b/src/w_file.c:437:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fval, *dval, fname[PATH_MAX];
data/xfig-3.2.7b/src/w_file.c:482:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(fname,".fig");
data/xfig-3.2.7b/src/w_file.c:537:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bak_name[PATH_MAX];
data/xfig-3.2.7b/src/w_file.c:540:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bak_name,".bak");
data/xfig-3.2.7b/src/w_file.c:701:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", object_count(&objects));
data/xfig-3.2.7b/src/w_file.c:1227:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char figsize[50];
data/xfig-3.2.7b/src/w_file.c:1362:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(figsize, "%.2f x %.2f in",width/PIX_PER_INCH,height/PIX_PER_INCH);
data/xfig-3.2.7b/src/w_file.c:1364:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(figsize, "%.1f x %.1f cm",width/PIX_PER_CM,height/PIX_PER_CM);
data/xfig-3.2.7b/src/w_file.c:1368:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(figsize, "%.1f x %.1f in",width/PIX_PER_INCH,height/PIX_PER_INCH);
data/xfig-3.2.7b/src/w_file.c:1370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(figsize, "%.0f x %.0f cm",width/PIX_PER_CM,height/PIX_PER_CM);
data/xfig-3.2.7b/src/w_fontbits.c:2297:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *psfont_menu_bits[NUM_FONTS + 1] = {
data/xfig-3.2.7b/src/w_fontbits.c:2488:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *latexfont_menu_bits[NUM_LATEX_FONTS] = {
data/xfig-3.2.7b/src/w_fontpanel.c:292:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XtWindow(ind_panel), (char *) psfont_menu_bits[i],
data/xfig-3.2.7b/src/w_fontpanel.c:298:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XtWindow(ind_panel), (char *) latexfont_menu_bits[i],
data/xfig-3.2.7b/src/w_grid.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char null_bits[null_width * null_height / 8] = {0};
data/xfig-3.2.7b/src/w_help.c:33:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/xfig-3.2.7b/src/w_help.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[400];
data/xfig-3.2.7b/src/w_help.c:165:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(info,"\n Parts Copyright \251 2016-");
data/xfig-3.2.7b/src/w_help.c:167:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(info, " by Thomas Loimer");
data/xfig-3.2.7b/src/w_help.c:168:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(info,"\n Parts Copyright \251 1989-2015 by Brian V. Smith");
data/xfig-3.2.7b/src/w_help.c:169:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(info,"\n Parts Copyright \251 1991 by Paul King");
data/xfig-3.2.7b/src/w_help.c:170:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(info,"\n Copyright \251 1985-1988 by Supoj Sutanthavibul");
data/xfig-3.2.7b/src/w_help.c:171:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(info,"\n See source files and man pages for other copyrights");
data/xfig-3.2.7b/src/w_i18n.c:607:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_str[400] = "";
data/xfig-3.2.7b/src/w_i18n.c:711:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char old_locale[100] = "C";
data/xfig-3.2.7b/src/w_i18n.c:712:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cur_locale[100] = "C";
data/xfig-3.2.7b/src/w_indpanel.c:181:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char indbuf[30];
data/xfig-3.2.7b/src/w_indpanel.c:554:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(upd_sw_info.line1,"Selects which settings are updated");
data/xfig-3.2.7b/src/w_indpanel.c:596:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(upd_set_sw_info.line1,"Sets all update flags");
data/xfig-3.2.7b/src/w_indpanel.c:611:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(upd_clr_sw_info.line1,"Clears all update flags");
data/xfig-3.2.7b/src/w_indpanel.c:626:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(upd_tog_sw_info.line1,"Toggles all update flags");
data/xfig-3.2.7b/src/w_indpanel.c:995:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[60];
data/xfig-3.2.7b/src/w_indpanel.c:1061:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[60];
data/xfig-3.2.7b/src/w_indpanel.c:1350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/xfig-3.2.7b/src/w_indpanel.c:1470:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",cur_arrowthick);
data/xfig-3.2.7b/src/w_indpanel.c:1484:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",cur_arrow_multthick);
data/xfig-3.2.7b/src/w_indpanel.c:1496:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",cur_arrowwidth);
data/xfig-3.2.7b/src/w_indpanel.c:1510:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",cur_arrow_multwidth);
data/xfig-3.2.7b/src/w_indpanel.c:1517:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",cur_arrowheight);
data/xfig-3.2.7b/src/w_indpanel.c:1531:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",cur_arrow_multheight);
data/xfig-3.2.7b/src/w_indpanel.c:1641:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/xfig-3.2.7b/src/w_indpanel.c:1670:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", cur_dashlength);
data/xfig-3.2.7b/src/w_indpanel.c:1673:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", cur_dotgap);
data/xfig-3.2.7b/src/w_indpanel.c:1735:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Colors");
data/xfig-3.2.7b/src/w_indpanel.c:1847:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", cur_dashlength);
data/xfig-3.2.7b/src/w_indpanel.c:1866:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", cur_dotgap);
data/xfig-3.2.7b/src/w_indpanel.c:1971:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/xfig-3.2.7b/src/w_indpanel.c:2170:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
new_i_value = atoi(panel_get_value(newvalue));
data/xfig-3.2.7b/src/w_indpanel.c:2185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/xfig-3.2.7b/src/w_indpanel.c:2237:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", (*isw->i_varadr));
data/xfig-3.2.7b/src/w_indpanel.c:2241:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.2f", (*isw->f_varadr));
data/xfig-3.2.7b/src/w_indpanel.c:2533:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%d",dimline_thick);
data/xfig-3.2.7b/src/w_indpanel.c:2587:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%d",dimline_boxthick);
data/xfig-3.2.7b/src/w_indpanel.c:2669:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%.1f",dimline_arrowlength);
data/xfig-3.2.7b/src/w_indpanel.c:2683:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%.1f",dimline_arrowwidth);
data/xfig-3.2.7b/src/w_indpanel.c:2720:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%d",dimline_tickthick);
data/xfig-3.2.7b/src/w_indpanel.c:2772:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%d",dimline_fontsize);
data/xfig-3.2.7b/src/w_indpanel.c:2816:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf,"%d",dimline_prec);
data/xfig-3.2.7b/src/w_indpanel.c:3147:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cur_dimline_thick = atoi(panel_get_value(line_thick_w));
data/xfig-3.2.7b/src/w_indpanel.c:3155:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cur_dimline_tickthick = atoi(panel_get_value(tick_thick_w));
data/xfig-3.2.7b/src/w_indpanel.c:3156:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cur_dimline_boxthick = atoi(panel_get_value(box_thick_w));
data/xfig-3.2.7b/src/w_indpanel.c:3160:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cur_dimline_fontsize = atoi(panel_get_value(font_size_w));
data/xfig-3.2.7b/src/w_indpanel.c:3163:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cur_dimline_prec = atoi(panel_get_value(dimline_precw));
data/xfig-3.2.7b/src/w_indpanel.c:3285:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Thk=%.1f %c ",thick,c);
data/xfig-3.2.7b/src/w_indpanel.c:3288:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Wid=%.1f %c ",width,c);
data/xfig-3.2.7b/src/w_indpanel.c:3291:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Len=%.1f %c ",height,c);
data/xfig-3.2.7b/src/w_indpanel.c:3328:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Line thick=%d", cur_dimline_thick);
data/xfig-3.2.7b/src/w_indpanel.c:3334:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Line col=%d", cur_dimline_color);
data/xfig-3.2.7b/src/w_indpanel.c:3337:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "L arrow typ=%d", cur_dimline_leftarrow);
data/xfig-3.2.7b/src/w_indpanel.c:3340:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "R arrow typ=%d", cur_dimline_rightarrow);
data/xfig-3.2.7b/src/w_indpanel.c:3343:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Arrow len=%.2f", cur_dimline_arrowlength);
data/xfig-3.2.7b/src/w_indpanel.c:3346:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Arrow wid=%.2f", cur_dimline_arrowwidth);
data/xfig-3.2.7b/src/w_indpanel.c:3352:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Tick thk=%d", cur_dimline_tickthick);
data/xfig-3.2.7b/src/w_indpanel.c:3355:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Box thk=%d", cur_dimline_boxthick);
data/xfig-3.2.7b/src/w_indpanel.c:3361:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Box col=%d", cur_dimline_boxcolor);
data/xfig-3.2.7b/src/w_indpanel.c:3367:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Text col=%d", cur_dimline_textcolor);
data/xfig-3.2.7b/src/w_indpanel.c:3370:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Text font=%d", cur_dimline_font);
data/xfig-3.2.7b/src/w_indpanel.c:3373:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Text size=%d", cur_dimline_fontsize);
data/xfig-3.2.7b/src/w_indpanel.c:3379:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "Dec. place: %d", cur_dimline_prec);
data/xfig-3.2.7b/src/w_indpanel.c:3383:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(indbuf," ");
data/xfig-3.2.7b/src/w_indpanel.c:3428:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, " %0d", cur_linewidth);
data/xfig-3.2.7b/src/w_indpanel.c:3430:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%0d", cur_linewidth);
data/xfig-3.2.7b/src/w_indpanel.c:3504:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%5.2f", cur_tangnormlen);
data/xfig-3.2.7b/src/w_indpanel.c:3743:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/xfig-3.2.7b/src/w_indpanel.c:4140:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%4d", cur_fontsize);
data/xfig-3.2.7b/src/w_indpanel.c:4182:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%5.1f", cur_elltextangle);
data/xfig-3.2.7b/src/w_indpanel.c:4256:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%6.2f", cur_rotnangle);
data/xfig-3.2.7b/src/w_indpanel.c:4314:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%3d", cur_numsides);
data/xfig-3.2.7b/src/w_indpanel.c:4345:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%2d", cur_numcopies);
data/xfig-3.2.7b/src/w_indpanel.c:4377:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%2d", cur_numxcopies);
data/xfig-3.2.7b/src/w_indpanel.c:4409:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%2d", cur_numycopies);
data/xfig-3.2.7b/src/w_indpanel.c:4648:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, " %.0f",display_zoomscale);
data/xfig-3.2.7b/src/w_indpanel.c:4650:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, " %.0f",display_zoomscale);
data/xfig-3.2.7b/src/w_indpanel.c:4652:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, " %.0f",display_zoomscale);
data/xfig-3.2.7b/src/w_indpanel.c:4656:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, " %.2f", display_zoomscale);
data/xfig-3.2.7b/src/w_indpanel.c:4659:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, " %.1f", display_zoomscale);
data/xfig-3.2.7b/src/w_indpanel.c:4662:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%.0f",display_zoomscale);
data/xfig-3.2.7b/src/w_indpanel.c:4708:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%3d", cur_depth);
data/xfig-3.2.7b/src/w_indpanel.c:4761:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(indbuf, "%4.1f", cur_textstep);
data/xfig-3.2.7b/src/w_indpanel.c:4785:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/xfig-3.2.7b/src/w_indpanel.c:4796:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d",i);
data/xfig-3.2.7b/src/w_indpanel.h:132:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line1[38], line2[8];
data/xfig-3.2.7b/src/w_layers.c:442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/xfig-3.2.7b/src/w_layers.c:480:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%3d", but);
data/xfig-3.2.7b/src/w_library.c:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[PATH_MAX];
data/xfig-3.2.7b/src/w_library.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char save_file_dir[PATH_MAX];
data/xfig-3.2.7b/src/w_library.c:564:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/xfig-3.2.7b/src/w_library.c:569:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (appres.library_icon_size < atoi(icon_sizes[0]))
data/xfig-3.2.7b/src/w_library.c:570:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
appres.library_icon_size = atoi(icon_sizes[0]);
data/xfig-3.2.7b/src/w_library.c:571:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (appres.library_icon_size > atoi(icon_sizes[num_icon_sizes-1]))
data/xfig-3.2.7b/src/w_library.c:572:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
appres.library_icon_size = atoi(icon_sizes[num_icon_sizes-1]);
data/xfig-3.2.7b/src/w_library.c:767:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%4d", appres.library_icon_size);
data/xfig-3.2.7b/src/w_library.c:1025:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submenu_name[200];
data/xfig-3.2.7b/src/w_library.c:1027:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char menu_name[200];
data/xfig-3.2.7b/src/w_library.c:1163:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
appres.library_icon_size = atoi(new_size);
data/xfig-3.2.7b/src/w_library.c:1247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path2[PATH_MAX], lname[N_LIB_NAME_MAX];
data/xfig-3.2.7b/src/w_library.c:1358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *c, s[N_LIB_LINE_MAX], name[N_LIB_NAME_MAX],path2[N_LIB_NAME_MAX];
data/xfig-3.2.7b/src/w_library.c:1373:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen(path, "r")) == NULL) {
data/xfig-3.2.7b/src/w_library.c:1601:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char statstr[100];
data/xfig-3.2.7b/src/w_modepanel.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modemsg[MAX_MODEMSG_LEN]; /* message for function */
data/xfig-3.2.7b/src/w_mousefun.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_l[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_m[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_r[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_sh_l[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_sh_m[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_sh_r[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:403:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_cur_l[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:404:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_cur_m[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_mousefun.c:405:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mousefun_cur_r[MOUSEFUN_MAX];
data/xfig-3.2.7b/src/w_msgpanel.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prompt[BUF_SIZE];
data/xfig-3.2.7b/src/w_msgpanel.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpstr[512];
data/xfig-3.2.7b/src/w_msgpanel.c:142:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bufx[20], bufy[20], bufhyp[20];
data/xfig-3.2.7b/src/w_msgpanel.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxstr[80],dystr[80];
data/xfig-3.2.7b/src/w_msgpanel.c:198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%.3f", fabs(udx));
data/xfig-3.2.7b/src/w_msgpanel.c:200:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufy,"%.3f", fabs(udy));
data/xfig-3.2.7b/src/w_msgpanel.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dxstr[80],dystr[80];
data/xfig-3.2.7b/src/w_msgpanel.c:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenstr[80],dxstr[80],dystr[80];
data/xfig-3.2.7b/src/w_msgpanel.c:409:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufx,"%.3f", fabs(udx));
data/xfig-3.2.7b/src/w_msgpanel.c:411:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufy,"%.3f", fabs(udy));
data/xfig-3.2.7b/src/w_msgpanel.c:413:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufhyp,"%.3f", ulen);
data/xfig-3.2.7b/src/w_msgpanel.c:478:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len1str[80], len2str[80];
data/xfig-3.2.7b/src/w_msgpanel.c:479:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dx1str[80], dy1str[80], dx2str[80], dy2str[80];
data/xfig-3.2.7b/src/w_msgpanel.c:509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char len1str[80], len2str[80], radstr[80];
data/xfig-3.2.7b/src/w_msgpanel.c:510:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dx1str[80], dy1str[80], dx2str[80], dy2str[80];
data/xfig-3.2.7b/src/w_msgpanel.c:536:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenstr[80],totlenstr[80];
data/xfig-3.2.7b/src/w_msgpanel.c:552:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char areastr[80],totareastr[80];
data/xfig-3.2.7b/src/w_msgpanel.c:742:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[100], *units, format[20];
data/xfig-3.2.7b/src/w_print.c:71:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *printer_names[MAX_PRINTERS];
data/xfig-3.2.7b/src/w_print.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[255],cmd2[255];
data/xfig-3.2.7b/src/w_print.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char backgrnd[10], grid[80];
data/xfig-3.2.7b/src/w_print.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_print.c:240:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_print.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_print.c:259:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_print.c:279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/xfig-3.2.7b/src/w_print.c:285:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_print.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_exp_file[PATH_MAX];
data/xfig-3.2.7b/src/w_print.c:296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[255];
data/xfig-3.2.7b/src/w_print.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char backgrnd[10], grid[80];
data/xfig-3.2.7b/src/w_print.c:315:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(batch_file)) == -1) {
data/xfig-3.2.7b/src/w_print.c:334:12: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(tmp_exp_file)) == -1) {
data/xfig-3.2.7b/src/w_print.c:352:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((infp = fopen(tmp_exp_file, "rb")) == NULL) {
data/xfig-3.2.7b/src/w_print.c:356:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((outfp = fopen(batch_file, "ab")) == NULL) {
data/xfig-3.2.7b/src/w_print.c:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[10];
data/xfig-3.2.7b/src/w_print.c:389:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num,"%3d",num_batch_figures);
data/xfig-3.2.7b/src/w_print.c:524:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_GRID_STRLEN];
data/xfig-3.2.7b/src/w_print.c:548:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_GRID_STRLEN];
data/xfig-3.2.7b/src/w_print.c:587:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/xfig-3.2.7b/src/w_print.c:605:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/xfig-3.2.7b/src/w_print.c:614:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%.1f",appres.magnification);
data/xfig-3.2.7b/src/w_print.c:651:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/xfig-3.2.7b/src/w_print.c:719:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", appres.magnification);
data/xfig-3.2.7b/src/w_print.c:1252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[300];
data/xfig-3.2.7b/src/w_print.c:1258:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((printcap=fopen(PRINTCAP,"r"))==NULL)
data/xfig-3.2.7b/src/w_rulers.c:255:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char precstr[10];
data/xfig-3.2.7b/src/w_rulers.c:344:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/xfig-3.2.7b/src/w_rulers.c:355:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"1:%.2f", appres.userscale);
data/xfig-3.2.7b/src/w_rulers.c:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/xfig-3.2.7b/src/w_rulers.c:397:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Pan to 0,0 ");
data/xfig-3.2.7b/src/w_rulers.c:399:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg + strlen(msg), "(right button)");
data/xfig-3.2.7b/src/w_rulers.c:401:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg + strlen(msg), "(left button)");
data/xfig-3.2.7b/src/w_rulers.c:402:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg + strlen(msg), "\nSet Units/Scale ");
data/xfig-3.2.7b/src/w_rulers.c:404:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg + strlen(msg), "(left button)");
data/xfig-3.2.7b/src/w_rulers.c:406:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg + strlen(msg), "(right button)");
data/xfig-3.2.7b/src/w_rulers.c:584:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/xfig-3.2.7b/src/w_rulers.c:602:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cur_fig_units, "in");
data/xfig-3.2.7b/src/w_rulers.c:610:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cur_fig_units, "cm");
data/xfig-3.2.7b/src/w_rulers.c:703:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/xfig-3.2.7b/src/w_rulers.c:837:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%1.2f", appres.userscale);
data/xfig-3.2.7b/src/w_rulers.c:1154:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(precstr, "%%.%df", rs->prec);
data/xfig-3.2.7b/src/w_rulers.c:1169:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[20];
data/xfig-3.2.7b/src/w_rulers.c:1428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[20],len;
data/xfig-3.2.7b/src/w_srchrepl.c:137:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *miss_word_list[MAX_MISSPELLED_WORDS];
data/xfig-3.2.7b/src/w_srchrepl.c:138:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char selected_word[200];
data/xfig-3.2.7b/src/w_srchrepl.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[300];
data/xfig-3.2.7b/src/w_srchrepl.c:273:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpstr[300];
data/xfig-3.2.7b/src/w_srchrepl.c:304:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpstr[300];
data/xfig-3.2.7b/src/w_srchrepl.c:787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PATH_MAX];
data/xfig-3.2.7b/src/w_srchrepl.c:789:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[300];
data/xfig-3.2.7b/src/w_srchrepl.c:808:13: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if ((fd = mkstemp(filename)) == -1 || (fp = fdopen(fd, "w")) == NULL) {
data/xfig-3.2.7b/src/w_srchrepl.c:919:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmpstr[300];
data/xfig-3.2.7b/src/w_style.c:61:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *family_text[MAX_STYLE_FAMILY_SET + 1];
data/xfig-3.2.7b/src/w_style.c:62:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *style_text[MAX_STYLE_FAMILY + 1];
data/xfig-3.2.7b/src/w_style.c:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], value[256], string[256];
data/xfig-3.2.7b/src/w_style.c:301:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *) style->element[i].value) = atoi (value);
data/xfig-3.2.7b/src/w_style.c:311:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*((int *) style->element[i].value) = atoi (value);
data/xfig-3.2.7b/src/w_style.c:327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256], string[256];
data/xfig-3.2.7b/src/w_style.c:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/xfig-3.2.7b/src/w_style.c:370:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (name, "style");
data/xfig-3.2.7b/src/w_style.c:371:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen (name, "r")) != NULL) {
data/xfig-3.2.7b/src/w_style.c:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[PATH_MAX];
data/xfig-3.2.7b/src/w_style.c:389:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (name, "style");
data/xfig-3.2.7b/src/w_style.c:390:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen (name, "w");
data/xfig-3.2.7b/src/w_style.c:646:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fval, *sval, ftemp[256], stemp[256];
data/xfig-3.2.7b/src/w_util.c:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30];
data/xfig-3.2.7b/src/w_util.c:568:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"None");
data/xfig-3.2.7b/src/w_util.c:570:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"Background");
data/xfig-3.2.7b/src/w_util.c:574:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "User %d", color);
data/xfig-3.2.7b/src/w_util.c:587:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/xfig-3.2.7b/src/w_util.c:606:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sval,str[40];
data/xfig-3.2.7b/src/w_util.c:618:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%0.2f",val);
data/xfig-3.2.7b/src/w_util.c:629:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sval,str[40];
data/xfig-3.2.7b/src/w_util.c:642:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%0.2f",val);
data/xfig-3.2.7b/src/w_util.c:653:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sval,str[40];
data/xfig-3.2.7b/src/w_util.c:665:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%d",val);
data/xfig-3.2.7b/src/w_util.c:676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sval,str[40];
data/xfig-3.2.7b/src/w_util.c:688:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%d",val);
data/xfig-3.2.7b/src/w_util.c:936:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/xfig-3.2.7b/src/w_util.c:959:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(buf);
data/xfig-3.2.7b/src/w_util.c:963:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf,"%d", val);
data/xfig-3.2.7b/src/w_util.c:1210:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) check_bits, check_width, check_height,
data/xfig-3.2.7b/src/w_util.c:1214:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) check_bits, check_width, check_height,
data/xfig-3.2.7b/src/w_util.c:1218:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) sm_check_bits, sm_check_width, sm_check_height,
data/xfig-3.2.7b/src/w_util.c:1222:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) sm_check_bits, sm_check_width, sm_check_height,
data/xfig-3.2.7b/src/w_util.c:1284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/xfig-3.2.7b/src/w_util.c:1285:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", intval);
data/xfig-3.2.7b/src/w_util.c:1294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/xfig-3.2.7b/src/w_util.c:1425:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wm_title[200];
data/xfig-3.2.7b/src/w_util.c:1689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nam[30];
data/xfig-3.2.7b/src/w_util.c:1905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sval, fraction[20];
data/xfig-3.2.7b/src/w_util.c:1931:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fraction, "%d/%d", (int) numer, (int) fracts[i]);
data/xfig-3.2.7b/lib/strdup.c:63:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) malloc(strlen(str) + 1);
data/xfig-3.2.7b/lib/strndup.c:37:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, str, n);
data/xfig-3.2.7b/lib/strstr.c:29:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(s2);
data/xfig-3.2.7b/src/SmeBSB.c:297:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(entry->sme_bsb.label);
data/xfig-3.2.7b/src/SmeBSB.c:532:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(entry->sme_bsb.label));
data/xfig-3.2.7b/src/SmeBSB.c:551:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(entry->sme_bsb.label));
data/xfig-3.2.7b/src/d_text.c:196:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (appres.international && strlen(appres.text_preedit) != 0) {
data/xfig-3.2.7b/src/d_text.c:415:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng_prefix=strlen(prefix);
data/xfig-3.2.7b/src/d_text.c:440:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_t->cstring) >= leng_prefix) {
data/xfig-3.2.7b/src/d_text.c:601:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng_suffix = strlen(cur_t->cstring);
data/xfig-3.2.7b/src/d_text.c:624:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text_selection, &cur_t->cstring[startp], lensel);
data/xfig-3.2.7b/src/d_text.c:642:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefix, cur_t->cstring, leng_prefix);
data/xfig-3.2.7b/src/d_text.c:731:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_c = strlen(string);
data/xfig-3.2.7b/src/d_text.c:1050:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng_suffix=strlen(suffix);
data/xfig-3.2.7b/src/d_text.c:1073:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng_prefix=strlen(prefix);
data/xfig-3.2.7b/src/d_text.c:1299:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
leng_prefix = strlen(prefix);
data/xfig-3.2.7b/src/d_text.c:1525:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(substr); i++)
data/xfig-3.2.7b/src/d_text.c:1539:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(substr); i++)
data/xfig-3.2.7b/src/d_text.c:1569:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text_selection, &cur_t->cstring[indx], lensel);
data/xfig-3.2.7b/src/d_text.c:1572:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(substr); i++)
data/xfig-3.2.7b/src/d_text.c:1586:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text_selection, &cur_t->cstring[indx], lensel);
data/xfig-3.2.7b/src/d_text.c:1591:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(substr); i++)
data/xfig-3.2.7b/src/d_text.c:2174:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc(fp)) != EOF) {
data/xfig-3.2.7b/src/e_edit.c:1449:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = textsize(canvas_font, strlen(t->cstring), t->cstring);
data/xfig-3.2.7b/src/e_edit.c:2436:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = textsize(canvas_font, strlen(new_t->cstring), new_t->cstring);
data/xfig-3.2.7b/src/e_edit.c:2558:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:3130:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sub_type) == 0)
data/xfig-3.2.7b/src/e_edit.c:4200:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name && strlen(name) > 0) {
data/xfig-3.2.7b/src/e_edit.c:4204:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
labelname = (char *) new_string(strlen(name)+7);
data/xfig-3.2.7b/src/e_edit.c:4205:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textname = (char *) new_string(strlen(name)+6);
data/xfig-3.2.7b/src/e_edit.c:4240:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++) {
data/xfig-3.2.7b/src/e_edit.c:4249:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(string));
data/xfig-3.2.7b/src/e_edit.c:4275:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name && strlen(name) > 0) {
data/xfig-3.2.7b/src/e_edit.c:4315:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:4340:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:4390:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:4418:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:4518:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:4546:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(buf));
data/xfig-3.2.7b/src/e_edit.c:5215:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*c=='\0' || *c=='\n' || *c=='\r' || strlen(s)>=sizeof(s)-1)
data/xfig-3.2.7b/src/e_placelib.c:105:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(com)) {
data/xfig-3.2.7b/src/e_placelib.c:107:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(com); i>=0; i--)
data/xfig-3.2.7b/src/e_scale.c:914:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tsize = textsize(text->fontstruct, strlen(text->cstring), text->cstring);
data/xfig-3.2.7b/src/e_update.c:519:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text->size), strlen(text->cstring), text->cstring);
data/xfig-3.2.7b/src/f_load.c:306:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/xfig-3.2.7b/src/f_load.c:334:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(recent_files[i].name,num,1);
data/xfig-3.2.7b/src/f_load.c:339:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new_string(strlen(file)+4);
data/xfig-3.2.7b/src/f_picobj.c:201:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c=getc(fd))==EOF)
data/xfig-3.2.7b/src/f_picobj.c:265:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) > 3 && !strcmp(".gz", name + (strlen(name)-3))) ||
data/xfig-3.2.7b/src/f_picobj.c:265:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(name) > 3 && !strcmp(".gz", name + (strlen(name)-3))) ||
data/xfig-3.2.7b/src/f_picobj.c:266:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(name) > 2 && !strcmp(".Z", name + (strlen(name)-3))) ||
data/xfig-3.2.7b/src/f_picobj.c:266:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(name) > 2 && !strcmp(".Z", name + (strlen(name)-3))) ||
data/xfig-3.2.7b/src/f_picobj.c:267:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(name) > 2 && !strcmp(".z", name + (strlen(name)-2)))) {
data/xfig-3.2.7b/src/f_picobj.c:267:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(name) > 2 && !strcmp(".z", name + (strlen(name)-2)))) {
data/xfig-3.2.7b/src/f_read.c:260:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) <= 6) {
data/xfig-3.2.7b/src/f_read.c:568:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (size[strlen(size)-1]=='\n')
data/xfig-3.2.7b/src/f_read.c:569:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size[strlen(size)-1]='\0';
data/xfig-3.2.7b/src/f_read.c:574:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(size);
data/xfig-3.2.7b/src/f_read.c:595:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1]='\0'; /* remove the newline */
data/xfig-3.2.7b/src/f_read.c:1342:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/xfig-3.2.7b/src/f_read.c:1343:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1] == '\r')
data/xfig-3.2.7b/src/f_read.c:1344:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/xfig-3.2.7b/src/f_read.c:1346:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s)-1] == '\r')
data/xfig-3.2.7b/src/f_read.c:1347:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s)-1] = '\0';
data/xfig-3.2.7b/src/f_read.c:1402:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/xfig-3.2.7b/src/f_read.c:1420:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/xfig-3.2.7b/src/f_read.c:1421:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf[strlen(buf)-1] == '\r')
data/xfig-3.2.7b/src/f_read.c:1422:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf)-1] = '\0';
data/xfig-3.2.7b/src/f_read.c:1427:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s_temp);
data/xfig-3.2.7b/src/f_read.c:1437:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) + 1 + strlen(s_temp) + 1 > BUF_SIZE) {
data/xfig-3.2.7b/src/f_read.c:1437:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) + 1 + strlen(s_temp) + 1 > BUF_SIZE) {
data/xfig-3.2.7b/src/f_read.c:1452:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/xfig-3.2.7b/src/f_read.c:1483:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) <= 1) {
data/xfig-3.2.7b/src/f_read.c:1487:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((t->cstring = new_string(strlen(&s[1]))) == NULL) {
data/xfig-3.2.7b/src/f_read.c:1497:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tx_dim = textsize(t->fontstruct, strlen(t->cstring), t->cstring);
data/xfig-3.2.7b/src/f_read.c:1540:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(comments[i])+1;
data/xfig-3.2.7b/src/f_read.c:1553:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comp,"\n");
data/xfig-3.2.7b/src/f_read.c:1586:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf);
data/xfig-3.2.7b/src/f_read.c:1607:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (fgetc(fp) != '\n') {
data/xfig-3.2.7b/src/f_read.c:1931:5: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc=getc(fp);
data/xfig-3.2.7b/src/f_read.c:1934:8: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cc=getc(fp);
data/xfig-3.2.7b/src/f_readeps.c:378:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] = '\0'; /* strip newlines */
data/xfig-3.2.7b/src/f_readgif.c:95:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(version, (char*)(buf + 3), 3);
data/xfig-3.2.7b/src/f_readold.c:496:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((t->cstring = new_string(strlen(buf))) == NULL)
data/xfig-3.2.7b/src/f_readold.c:510:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(t->cstring)) {
data/xfig-3.2.7b/src/f_readold.c:528:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tx_dim = textsize(t->fontstruct, strlen(t->cstring), t->cstring);
data/xfig-3.2.7b/src/f_readpcx.c:176:13: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inbyte=fgetc(pcxfile);
data/xfig-3.2.7b/src/f_readpcx.c:183:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inbyte = fgetc(pcxfile);
data/xfig-3.2.7b/src/f_readpcx.c:219:39: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pic->pic_cache->cmap[x].red = fgetc(pcxfile);
data/xfig-3.2.7b/src/f_readpcx.c:220:39: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pic->pic_cache->cmap[x].green = fgetc(pcxfile);
data/xfig-3.2.7b/src/f_readpcx.c:221:39: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pic->pic_cache->cmap[x].blue = fgetc(pcxfile);
data/xfig-3.2.7b/src/f_readxbm.c:154:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fstream);
data/xfig-3.2.7b/src/f_readxbm.c:214:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == MAX_SIZE-1) {
data/xfig-3.2.7b/src/f_save.c:202:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(com);
data/xfig-3.2.7b/src/f_save.c:440:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (picfile == NULL || strlen(picfile) == 0) {
data/xfig-3.2.7b/src/f_save.c:442:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(picfile, cur_file_dir, strlen(cur_file_dir))==0 &&
data/xfig-3.2.7b/src/f_save.c:443:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(picfile) > strlen(cur_file_dir) && picfile[strlen(cur_file_dir)] == '/') {
data/xfig-3.2.7b/src/f_save.c:443:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(picfile) > strlen(cur_file_dir) && picfile[strlen(cur_file_dir)] == '/') {
data/xfig-3.2.7b/src/f_save.c:443:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(picfile) > strlen(cur_file_dir) && picfile[strlen(cur_file_dir)] == '/') {
data/xfig-3.2.7b/src/f_save.c:445:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s1 = &picfile[strlen(cur_file_dir)+1];
data/xfig-3.2.7b/src/f_save.c:533:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(t->cstring);
data/xfig-3.2.7b/src/f_util.c:717:10: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(dirname, ".");
data/xfig-3.2.7b/src/f_util.c:771:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0, len=strlen(opnd); i<len; i++, opnd++)
data/xfig-3.2.7b/src/f_util.c:795:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new_string(strlen(file)+3); /* allow for file number (1), blank (1) and NUL */
data/xfig-3.2.7b/src/f_util.c:1000:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cur_fig_units, appres.userunit, sizeof(cur_fig_units)-1);
data/xfig-3.2.7b/src/f_util.c:1104:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd," ");
data/xfig-3.2.7b/src/f_util.c:1298:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(minor_grid)==0? "0": minor_grid,
data/xfig-3.2.7b/src/f_util.c:1299:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(major_grid)==0? "0": major_grid,
data/xfig-3.2.7b/src/f_util.c:1311:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcasecmp(c1,"none") != 0 && strlen(c1)) {
data/xfig-3.2.7b/src/f_util.c:1312:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(grid,":");
data/xfig-3.2.7b/src/f_util.c:1315:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grid))
data/xfig-3.2.7b/src/main.c:706:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(help_list[i]);
data/xfig-3.2.7b/src/main.c:871:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) sprintf(&tool_name[strlen(tool_name)], " [locale: %s]",
data/xfig-3.2.7b/src/main.c:1342:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur_filename))
data/xfig-3.2.7b/src/u_create.c:146:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((*dest = (char*) new_string(strlen(*source))) == NULL)
data/xfig-3.2.7b/src/u_create.c:659:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((text->cstring = new_string(strlen(t->cstring))) == NULL) {
data/xfig-3.2.7b/src/u_drag.c:473:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txsize = textsize(t->fontstruct, strlen(t->cstring), t->cstring);
data/xfig-3.2.7b/src/u_draw.c:255:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(bufx,"c");
data/xfig-3.2.7b/src/u_draw.c:636:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt = textsize(canvas_font, strlen(string), string);
data/xfig-3.2.7b/src/u_draw.c:1249:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = textsize(text->fontstruct, strlen(text->cstring),
data/xfig-3.2.7b/src/u_draw.c:1304:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dx = (float)(x2-x1)/strlen(cp);
data/xfig-3.2.7b/src/u_draw.c:1305:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dy = (float)(y2-y1)/strlen(cp);
data/xfig-3.2.7b/src/u_draw.c:2029:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = textsize(roman_font, strlen(str), str);
data/xfig-3.2.7b/src/u_print.c:57:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = 2 * strlen(string) + 1;
data/xfig-3.2.7b/src/u_print.c:60:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(string) == 0)
data/xfig-3.2.7b/src/u_print.c:172:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur_filename) == 0)
data/xfig-3.2.7b/src/u_print.c:241:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result += strlen(repl);
data/xfig-3.2.7b/src/u_print.c:242:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prcmd += strlen(find);
data/xfig-3.2.7b/src/u_print.c:273:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur_filename) == 0)
data/xfig-3.2.7b/src/u_print.c:661:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str[strlen(str)-1] = '\0';
data/xfig-3.2.7b/src/u_print.c:724:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len+strlen(list) >= PATH_MAX-5)
data/xfig-3.2.7b/src/u_print.c:727:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(list)+1;
data/xfig-3.2.7b/src/u_print.c:740:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (notlen+strlen(notlist) >= PATH_MAX-5)
data/xfig-3.2.7b/src/u_print.c:743:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
notlen += strlen(notlist)+1;
data/xfig-3.2.7b/src/u_print.c:748:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len+strlen(list) < PATH_MAX-5) {
data/xfig-3.2.7b/src/u_print.c:750:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(list)+1;
data/xfig-3.2.7b/src/u_print.c:755:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (notlen+strlen(notlist) < PATH_MAX-5) {
data/xfig-3.2.7b/src/u_print.c:757:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
notlen += strlen(notlist)+1;
data/xfig-3.2.7b/src/u_print.c:773:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(list,",");
data/xfig-3.2.7b/src/u_redraw.c:565:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawString(tool_d,canvas_win,border_gc,ZOOMX(pwd)+3,ZOOMY(pht),pname,strlen(pname));
data/xfig-3.2.7b/src/w_browse.c:125:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = new_string( strlen(dval) + 1 + strlen(fval) + 1);
data/xfig-3.2.7b/src/w_browse.c:125:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = new_string( strlen(dval) + 1 + strlen(fval) + 1);
data/xfig-3.2.7b/src/w_browse.c:128:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat( path, "/");
data/xfig-3.2.7b/src/w_browse.c:169:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
local_dir[strlen(pval) - strlen(fval)] = '\0';
data/xfig-3.2.7b/src/w_browse.c:169:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
local_dir[strlen(pval) - strlen(fval)] = '\0';
data/xfig-3.2.7b/src/w_browse.c:226:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(browse_filename));
data/xfig-3.2.7b/src/w_canvas.c:795:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(line, "/");
data/xfig-3.2.7b/src/w_canvas.c:802:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (charinto = strlen(line), charfrom = 1;
data/xfig-3.2.7b/src/w_canvas.c:820:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(local_translations, "");
data/xfig-3.2.7b/src/w_canvas.c:833:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p1 = strstr(p, "<Key>") + strlen("<Key>");
data/xfig-3.2.7b/src/w_canvas.c:836:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2 = strstr(p, "<Key>") + strlen("<Key>");
data/xfig-3.2.7b/src/w_canvas.c:839:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p3 = strstr(p, "insert-string(") + strlen("insert-string(");
data/xfig-3.2.7b/src/w_canvas.c:843:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p3) == 1)
data/xfig-3.2.7b/src/w_cmdpanel.c:588:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(cut_buf_name, TMPDIR, strlen(TMPDIR)) == 0)
data/xfig-3.2.7b/src/w_cmdpanel.c:1166:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_color.c:356:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_color.c:1756:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(tmphex,"#");
data/xfig-3.2.7b/src/w_color.c:1760:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(hexvalue) != 7) ||
data/xfig-3.2.7b/src/w_color.c:2113:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorname, strlen(colorname));
data/xfig-3.2.7b/src/w_color.c:2185:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colorname, strlen(colorname));
data/xfig-3.2.7b/src/w_dir.c:137:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawTextSetInsertionPoint(browse_selfile, strlen(CurrentSelectionName));
data/xfig-3.2.7b/src/w_dir.c:140:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawTextSetInsertionPoint(file_selfile, strlen(CurrentSelectionName));
data/xfig-3.2.7b/src/w_dir.c:146:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawTextSetInsertionPoint(exp_selfile, strlen(CurrentSelectionName));
data/xfig-3.2.7b/src/w_dir.c:248:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path)==1 || path[1]=='/') {
data/xfig-3.2.7b/src/w_dir.c:250:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path)==1) /* nothing after the ~, we have the full path */
data/xfig-3.2.7b/src/w_dir.c:395:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(dir));
data/xfig-3.2.7b/src/w_dir.c:566:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mask) < MAX_MASK_LEN) {
data/xfig-3.2.7b/src/w_dir.c:573:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cmask,"*");
data/xfig-3.2.7b/src/w_dir.c:670:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dir[strlen(dir) - 1] == '/')
data/xfig-3.2.7b/src/w_dir.c:671:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir[strlen(dir) - 1] = '\0';
data/xfig-3.2.7b/src/w_dir.c:679:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ndir, "/");
data/xfig-3.2.7b/src/w_dir.c:682:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ndir, "/");
data/xfig-3.2.7b/src/w_dir.c:700:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawTextSetInsertionPoint(browse_dir, strlen(ndir));
data/xfig-3.2.7b/src/w_dir.c:706:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawTextSetInsertionPoint(file_dir, strlen(ndir));
data/xfig-3.2.7b/src/w_dir.c:712:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XawTextSetInsertionPoint(exp_dir, strlen(ndir));
data/xfig-3.2.7b/src/w_dir.c:814:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pathname, "/");
data/xfig-3.2.7b/src/w_drawprim.c:376:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nf->fname = (char *) new_string(max2(strlen(fn),strlen(back_fn)));
data/xfig-3.2.7b/src/w_drawprim.c:376:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nf->fname = (char *) new_string(max2(strlen(fn),strlen(back_fn)));
data/xfig-3.2.7b/src/w_drawprim.c:379:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nf->bname = (char *) new_string(strlen(back_fn));
data/xfig-3.2.7b/src/w_drawprim.c:434:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nf->fname = (char *) new_string(strlen(appres.normalFont));
data/xfig-3.2.7b/src/w_export.c:632:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grid_choices[grid_minor]) >= MAX_GRID_STRLEN) {
data/xfig-3.2.7b/src/w_export.c:656:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grid_choices[grid_major]) >= MAX_GRID_STRLEN) {
data/xfig-3.2.7b/src/w_export.c:1210:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i = strlen(buf)) < 39)
data/xfig-3.2.7b/src/w_export.c:1211:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, " ",39-i);
data/xfig-3.2.7b/src/w_export.c:1880:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(named_file));
data/xfig-3.2.7b/src/w_export.c:1958:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(default_export_file);
data/xfig-3.2.7b/src/w_export.c:1974:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(default_export_file, ".");
data/xfig-3.2.7b/src/w_export.c:1979:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(default_export_file) - 1; i >= 0; i--)
data/xfig-3.2.7b/src/w_file.c:252:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/xfig-3.2.7b/src/w_file.c:937:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(cur_filename));
data/xfig-3.2.7b/src/w_i18n.c:630:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(last_str, str, sizeof(last_str));
data/xfig-3.2.7b/src/w_i18n.c:724:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cur_locale, s, sizeof(cur_locale) - 1);
data/xfig-3.2.7b/src/w_indpanel.c:914:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawImageString(tool_d, p, ind_button_gc, 3, 12, isw->line1, strlen(isw->line1));
data/xfig-3.2.7b/src/w_indpanel.c:915:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawImageString(tool_d, p, ind_button_gc, 3, 25, isw->line2, strlen(isw->line2));
data/xfig-3.2.7b/src/w_indpanel.c:1102:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(isw->line2))
data/xfig-3.2.7b/src/w_indpanel.c:1103:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg + strlen(msg), " %s", isw->line2);
data/xfig-3.2.7b/src/w_indpanel.c:1185:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xpos, ypos, buf, strlen(buf));
data/xfig-3.2.7b/src/w_indpanel.c:3432:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(button_font, indbuf, strlen(indbuf), &dum, &dum, &dum, &size);
data/xfig-3.2.7b/src/w_indpanel.c:3442:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indbuf, strlen(indbuf));
data/xfig-3.2.7b/src/w_indpanel.c:3450:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indbuf, strlen(indbuf));
data/xfig-3.2.7b/src/w_indpanel.c:4043:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sw->line1));
data/xfig-3.2.7b/src/w_indpanel.c:4045:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sw->line2));
data/xfig-3.2.7b/src/w_keyboard.c:64:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XtVaSetValues(w, XtNstring, str, XtNinsertPosition, strlen(str) , NULL);
data/xfig-3.2.7b/src/w_keyboard.c:77:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XtVaSetValues(w, XtNstring, str, XtNinsertPosition, strlen(str) , NULL);
data/xfig-3.2.7b/src/w_keyboard.c:459:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_layers.c:481:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawString(tool_d, win, button_gc, x+w+3*B_BORDER, y+w, str, strlen(str));
data/xfig-3.2.7b/src/w_library.c:1206:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(name)-1; i>0; i--) {
data/xfig-3.2.7b/src/w_library.c:1210:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((i>0) && (i<strlen(name)-1))
data/xfig-3.2.7b/src/w_library.c:1213:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
librec->longname = (char *) new_string(strlen(lname));
data/xfig-3.2.7b/src/w_library.c:1216:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
librec->name = (char *) new_string(strlen(name));
data/xfig-3.2.7b/src/w_library.c:1219:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
librec->path = (char *) new_string(strlen(path));
data/xfig-3.2.7b/src/w_library.c:1282:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(dp->d_name) + 2 > PATH_MAX-1) {
data/xfig-3.2.7b/src/w_library.c:1282:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(dp->d_name) + 2 > PATH_MAX-1) {
data/xfig-3.2.7b/src/w_library.c:1292:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(longname) == 0) {
data/xfig-3.2.7b/src/w_library.c:1294:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dp->d_name) > N_LIB_NAME_MAX)
data/xfig-3.2.7b/src/w_library.c:1299:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(longname)+strlen(dp->d_name)+3 > N_LIB_NAME_MAX)
data/xfig-3.2.7b/src/w_library.c:1299:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(longname)+strlen(dp->d_name)+3 > N_LIB_NAME_MAX)
data/xfig-3.2.7b/src/w_listwidget.c:250:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item_len = strlen(lw->list.list[item]);
data/xfig-3.2.7b/src/w_menuentry.c:177:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(entry->sme_bsb.label);
data/xfig-3.2.7b/src/w_mousefun.c:267:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
4, button_font->ascent+4, title, strlen(title));
data/xfig-3.2.7b/src/w_mousefun.c:398:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
width = XTextWidth(button_font, s, strlen(s));
data/xfig-3.2.7b/src/w_mousefun.c:400:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xctr - (int) (width / 2), ypos, s, strlen(s));
data/xfig-3.2.7b/src/w_msgpanel.c:199:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizex = textsize(roman_font, strlen(bufx), bufx);
data/xfig-3.2.7b/src/w_msgpanel.c:201:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizey = textsize(roman_font, strlen(bufy), bufy);
data/xfig-3.2.7b/src/w_msgpanel.c:410:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizex = textsize(roman_font, strlen(bufx), bufx);
data/xfig-3.2.7b/src/w_msgpanel.c:412:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizey = textsize(roman_font, strlen(bufy), bufy);
data/xfig-3.2.7b/src/w_msgpanel.c:414:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizehyp = textsize(roman_font, strlen(bufhyp), bufhyp);
data/xfig-3.2.7b/src/w_msgpanel.c:589:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmpstr,"\n");
data/xfig-3.2.7b/src/w_msgpanel.c:596:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block.length = strlen(tmpstr);
data/xfig-3.2.7b/src/w_print.c:532:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grid_choices[grid_minor]) >= MAX_GRID_STRLEN) {
data/xfig-3.2.7b/src/w_print.c:556:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(grid_choices[grid_major]) >= MAX_GRID_STRLEN) {
data/xfig-3.2.7b/src/w_print.c:1008:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(printer_names[i]);
data/xfig-3.2.7b/src/w_print.c:1016:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf," ");
data/xfig-3.2.7b/src/w_print.c:1264:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/xfig-3.2.7b/src/w_print.c:1312:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(names[printers],&str[i],j-i+1);
data/xfig-3.2.7b/src/w_print.c:1324:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str)-1;
data/xfig-3.2.7b/src/w_rottext.c:170:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(str1);
data/xfig-3.2.7b/src/w_rottext.c:181:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=0; j<strlen(str2); j++)
data/xfig-3.2.7b/src/w_rottext.c:210:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str, XV_COPYRIGHT, n);
data/xfig-3.2.7b/src/w_rottext.c:397:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, text, strlen(text), &dir, &asc, &desc, &overall);
data/xfig-3.2.7b/src/w_rottext.c:608:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(text)-1; i++)
data/xfig-3.2.7b/src/w_rottext.c:638:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc, &overall);
data/xfig-3.2.7b/src/w_rottext.c:657:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc,
data/xfig-3.2.7b/src/w_rottext.c:670:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawString(dpy, drawable, my_gc, xp, yp, str3, strlen(str3));
data/xfig-3.2.7b/src/w_rottext.c:672:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawImageString(dpy, drawable, my_gc, xp, yp, str3, strlen(str3));
data/xfig-3.2.7b/src/w_rottext.c:872:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(text)-1; i++)
data/xfig-3.2.7b/src/w_rottext.c:889:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc,
data/xfig-3.2.7b/src/w_rottext.c:899:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc,
data/xfig-3.2.7b/src/w_rottext.c:972:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc,
data/xfig-3.2.7b/src/w_rottext.c:984:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XDrawString(dpy, canvas, font_gc, xp, yp, str3, strlen(str3));
data/xfig-3.2.7b/src/w_rottext.c:1174:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(XImage) + strlen(item->text) +
data/xfig-3.2.7b/src/w_rottext.c:1178:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
item->size+=strlen(item->font_name);
data/xfig-3.2.7b/src/w_rottext.c:1426:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0; i<strlen(text)-1; i++)
data/xfig-3.2.7b/src/w_rottext.c:1443:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc,
data/xfig-3.2.7b/src/w_rottext.c:1453:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XTextExtents(font, str3, strlen(str3), &dir, &asc, &desc,
data/xfig-3.2.7b/src/w_rulers.c:349:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur_fig_units)) {
data/xfig-3.2.7b/src/w_rulers.c:399:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg + strlen(msg), "(right button)");
data/xfig-3.2.7b/src/w_rulers.c:401:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg + strlen(msg), "(left button)");
data/xfig-3.2.7b/src/w_rulers.c:402:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg + strlen(msg), "\nSet Units/Scale ");
data/xfig-3.2.7b/src/w_rulers.c:404:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg + strlen(msg), "(left button)");
data/xfig-3.2.7b/src/w_rulers.c:406:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(msg + strlen(msg), "(right button)");
data/xfig-3.2.7b/src/w_rulers.c:587:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cur_fig_units,
data/xfig-3.2.7b/src/w_rulers.c:1187:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = XTextWidth(roman_font, number, strlen(number));
data/xfig-3.2.7b/src/w_rulers.c:1206:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = XTextWidth(roman_font, number, strlen(number));
data/xfig-3.2.7b/src/w_rulers.c:1212:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TOPRULER_HT - INCH_MARK - 5, number, strlen(number));
data/xfig-3.2.7b/src/w_rulers.c:1465:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = XTextWidth(roman_font, number, strlen(number));
data/xfig-3.2.7b/src/w_rulers.c:1469:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ZOOMY(i) + 3, number, strlen(number));
data/xfig-3.2.7b/src/w_rulers.c:1472:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
number, strlen(number));
data/xfig-3.2.7b/src/w_srchrepl.c:148:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(str, pattern, strlen(pattern)) == 0;
data/xfig-3.2.7b/src/w_srchrepl.c:150:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncasecmp(str, pattern, strlen(pattern)) == 0;
data/xfig-3.2.7b/src/w_srchrepl.c:161:2: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(panel_get_value(replace_text_widget)) == 0) {
data/xfig-3.2.7b/src/w_srchrepl.c:188:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pat_len = strlen(pattern);
data/xfig-3.2.7b/src/w_srchrepl.c:199:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pat_len <= strlen(t->cstring)) {
data/xfig-3.2.7b/src/w_srchrepl.c:202:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i <= strlen(t->cstring) - pat_len; i++) {
data/xfig-3.2.7b/src/w_srchrepl.c:204:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) + strlen(dst) < sizeof(str)) {
data/xfig-3.2.7b/src/w_srchrepl.c:204:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) + strlen(dst) < sizeof(str)) {
data/xfig-3.2.7b/src/w_srchrepl.c:205:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(str, &t->cstring[j], i - j);
data/xfig-3.2.7b/src/w_srchrepl.c:215:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (replaced && j < strlen(t->cstring)) {
data/xfig-3.2.7b/src/w_srchrepl.c:216:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) + strlen(&t->cstring[j]) < sizeof(str)) {
data/xfig-3.2.7b/src/w_srchrepl.c:216:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) + strlen(&t->cstring[j]) < sizeof(str)) {
data/xfig-3.2.7b/src/w_srchrepl.c:223:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t->cstring) != strlen(str)) {
data/xfig-3.2.7b/src/w_srchrepl.c:223:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t->cstring) != strlen(str)) {
data/xfig-3.2.7b/src/w_srchrepl.c:225:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->cstring = new_string(strlen(str));
data/xfig-3.2.7b/src/w_srchrepl.c:229:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->size), strlen(t->cstring), t->cstring);
data/xfig-3.2.7b/src/w_srchrepl.c:279:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmpstr,"\n");
data/xfig-3.2.7b/src/w_srchrepl.c:283:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
block.length = strlen(tmpstr);
data/xfig-3.2.7b/src/w_srchrepl.c:350:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(string)!=0)
data/xfig-3.2.7b/src/w_srchrepl.c:379:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pat_len = strlen(pattern);
data/xfig-3.2.7b/src/w_srchrepl.c:384:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (pat_len <= strlen(t->cstring)) {
data/xfig-3.2.7b/src/w_srchrepl.c:385:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; !match && i <= strlen(t->cstring) - pat_len; i++) {
data/xfig-3.2.7b/src/w_srchrepl.c:825:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/xfig-3.2.7b/src/w_style.c:239:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (string) == 1)
data/xfig-3.2.7b/src/w_style.c:241:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (string); i >= 0; i--)
data/xfig-3.2.7b/src/w_style.c:254:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (string);
data/xfig-3.2.7b/src/w_style.c:258:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = strlen (string) - 1; j > i; j--)
data/xfig-3.2.7b/src/w_style.c:621:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (fval)) {
data/xfig-3.2.7b/src/w_style.c:635:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (fval)) {
data/xfig-3.2.7b/src/w_style.c:654:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (ftemp) && strlen (stemp)) {
data/xfig-3.2.7b/src/w_style.c:654:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (ftemp) && strlen (stemp)) {
data/xfig-3.2.7b/src/w_style.c:674:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (fval) && strlen (sval)) {
data/xfig-3.2.7b/src/w_style.c:674:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (fval) && strlen (sval)) {
data/xfig-3.2.7b/src/w_util.c:621:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FirstArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_util.c:645:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FirstArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_util.c:668:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FirstArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_util.c:691:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FirstArg(XtNinsertPosition, strlen(str));
data/xfig-3.2.7b/src/w_util.c:807:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NextArg(XtNinsertPosition, strlen(string));
data/xfig-3.2.7b/src/w_util.c:946:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0; i<strlen(buf); )
data/xfig-3.2.7b/src/w_util.c:950:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&buf[i], &buf[i+1], strlen(&buf[i]));
data/xfig-3.2.7b/src/w_util.c:958:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0 && !(strlen(buf)==1 && buf[0] == '-')) {
data/xfig-3.2.7b/src/w_util.c:958:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0 && !(strlen(buf)==1 && buf[0] == '-')) {
data/xfig-3.2.7b/src/w_util.c:972:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pos < strlen(buf)) {
data/xfig-3.2.7b/src/w_util.c:1263:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FirstArg(XtNinsertPosition, strlen(val));
data/xfig-3.2.7b/src/w_util.c:1428:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name)==0) sprintf(wm_title, "%s - No file", tool_name);
data/xfig-3.2.7b/src/w_util.c:2110:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(DRAW_PAUSE);
data/xfig-3.2.7b/src/w_util.c:2120:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(FADE_PAUSE);
data/xfig-3.2.7b/src/w_util.c:2135:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(FADE_PAUSE);
ANALYSIS SUMMARY:
Hits = 1446
Lines analyzed = 97449 in approximately 2.96 seconds (32879 lines/second)
Physical Source Lines of Code (SLOC) = 73870
Hits@level = [0] 328 [1] 316 [2] 707 [3] 32 [4] 391 [5] 0
Hits@level+ = [0+] 1774 [1+] 1446 [2+] 1130 [3+] 423 [4+] 391 [5+] 0
Hits/KSLOC@level+ = [0+] 24.0152 [1+] 19.5749 [2+] 15.2971 [3+] 5.72628 [4+] 5.29308 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.