Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/xlog-2.0.19/data/remote/sendtoxlog.c:65:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (msgbuf.mtext, message);
data/xlog-2.0.19/src/history.c:52:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (fscanf (fp, "%s", history) == EOF)
data/xlog-2.0.19/src/logfile/cabrillo3.c:191:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (exch, q[RST] + rst_len);
data/xlog-2.0.19/src/logfile/cabrillo3.c:193:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (my_exch, q[MYRST] + rst_len);
data/xlog-2.0.19/src/logfile/cabrillo3.c:221:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (date, q[DATE]);
data/xlog-2.0.19/src/logfile/cabrillo3.c:385:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, field);
data/xlog-2.0.19/src/logfile/cabrillo3.c:399:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, field);
data/xlog-2.0.19/src/logfile/cabrillo3.c:412:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, field + 2);
data/xlog-2.0.19/src/logfile/cabrillo3.c:418:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (buf, field + 3);
data/xlog-2.0.19/src/logfile/edi.c:188:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (exch, q[RST] + rst_len + 1);
data/xlog-2.0.19/src/logfile/edi.c:190:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (my_exch, q[MYRST] + rst_len + 1);
data/xlog-2.0.19/src/logfile/editest.c:141:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (exch, q[RST] + rst_len);
data/xlog-2.0.19/src/logfile/editest.c:143:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (my_exch, q[MYRST] + rst_len);
data/xlog-2.0.19/src/logfile/editest.c:148:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (date, "%c%c-%02u-%s", q[DATE][0], q[DATE][1],
data/xlog-2.0.19/src/logfile/editest.c:152:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (locator, "%s", q[NR]);
data/xlog-2.0.19/src/logfile/editest.c:154:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (locator, q[LOCATOR] ? q[LOCATOR] : "");
data/xlog-2.0.19/src/logfile/labels.c:168:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (date, q[DATE]);
data/xlog-2.0.19/src/logfile/trlog.c:123:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(gmt, q[GMT]);
data/xlog-2.0.19/src/cfg.c:75:3: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir (), G_DIR_SEPARATOR_S, PACKAGE);
data/xlog-2.0.19/src/cfg.c:181:3: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir (), G_DIR_SEPARATOR_S, PACKAGE);
data/xlog-2.0.19/src/cfg.c:611:15: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ("%s%s.%s", g_get_home_dir (), G_DIR_SEPARATOR_S, PACKAGE);
data/xlog-2.0.19/src/cfg.c:624:15: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ("%s%s.%s", g_get_home_dir (), G_DIR_SEPARATOR_S, PACKAGE);
data/xlog-2.0.19/src/cfg.c:715:29: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gchar *path = g_strconcat (g_get_home_dir(), G_DIR_SEPARATOR_S, ".xlog/xlog.cfg", NULL);
data/xlog-2.0.19/src/cfg.c:738:29: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  gchar *path = g_strconcat (g_get_home_dir(), G_DIR_SEPARATOR_S, ".xlog/xlog.cfg", NULL);
data/xlog-2.0.19/src/gui_pathselectiondialog.c:57:3: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir ());
data/xlog-2.0.19/src/main.c:86:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((p = getopt (argc, argv, "hv")) != -1)
data/xlog-2.0.19/src/main.c:117:25: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  xlogdir = g_strconcat (g_get_home_dir (), packagedir->str, NULL);
data/xlog-2.0.19/src/utils.c:105:11: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ret = CreateProcess(NULL,
data/xlog-2.0.19/src/utils.c:105:11: [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ret = CreateProcess(NULL,
data/xlog-2.0.19/data/remote/client.c:67:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(ch, "program:Marote\1call:K6EEP\1mhz:28.058\1mode:SSB\1rx:456\1name:Mike\1");
data/xlog-2.0.19/data/remote/sendtoxlog.c:54:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtext[1024]; /* mtext holds the message */
data/xlog-2.0.19/src/awards_enum.c:316:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return cont*1000 + (atoi(str+3)%1000);
data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:74:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lognr = atoi (name);
data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:449:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255];
data/xlog-2.0.19/src/callbacks_preferencesdialog.c:228:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi (user_data))
data/xlog-2.0.19/src/callbacks_preferencesdialog.c:250:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  switch (atoi (user_data))
data/xlog-2.0.19/src/dxcc.c:240:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pxstr = change_area(split[0], atoi(split[1]));
data/xlog-2.0.19/src/dxcc.c:438:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(ver+3);
data/xlog-2.0.19/src/dxcc.c:510:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dxcc_add (split[0], atoi(split[1]), atoi(split[2]), cont_to_enum(split[3]),
data/xlog-2.0.19/src/dxcc.c:510:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dxcc_add (split[0], atoi(split[1]), atoi(split[2]), cont_to_enum(split[3]),
data/xlog-2.0.19/src/dxcc.c:594:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  area_add (split[0], atoi(split[1]), atoi(split[2]), split[3],
data/xlog-2.0.19/src/dxcc.c:594:43: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  area_add (split[0], atoi(split[1]), atoi(split[2]), split[3],
data/xlog-2.0.19/src/gui_awards_waz.c:241:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strzone, "%d", i+1);
data/xlog-2.0.19/src/gui_dialogsdialog.c:596:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.tsvgroupbycallsign = atoi(temp);
data/xlog-2.0.19/src/gui_exportdialog.c:136:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lowqso = atoi (temp);
data/xlog-2.0.19/src/gui_exportdialog.c:138:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  highqso = atoi (temp);
data/xlog-2.0.19/src/gui_logeditordialog.c:705:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[NR] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee0), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:706:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[DATE] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee1), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:707:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[GMT] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee2), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:708:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[GMTEND] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee3), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:709:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[CALL] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee4), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:710:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[BAND] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee5), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:711:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[MODE] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee6), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:712:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[RST] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee7), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:713:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[MYRST] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee8), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:714:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[AWARDS] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee18), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:715:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[QSLIN] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee9_10), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:716:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[QSLOUT] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee9_10), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:717:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[POWER] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee11), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:718:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[NAME] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee12), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:719:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[QTH] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee13), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:720:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[LOCATOR] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee14), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:721:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[U1] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee15), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:722:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[U2] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee16), 0, -1));
data/xlog-2.0.19/src/gui_logeditordialog.c:723:39: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.logcwidths2[REMARKS] = atoi(gtk_editable_get_chars (GTK_EDITABLE (lee17), 0, -1));
data/xlog-2.0.19/src/gui_preferencesdialog.c:1032:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  autosavevalue = atoi (temp);
data/xlog-2.0.19/src/gui_preferencesdialog.c:1211:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.round = atoi (digits);
data/xlog-2.0.19/src/gui_preferencesdialog.c:1219:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (hamlibwidgets, atoi(radio), device, atoi(pollstr), rigconf))
data/xlog-2.0.19/src/gui_preferencesdialog.c:1219:41: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (hamlibwidgets, atoi(radio), device, atoi(pollstr), rigconf))
data/xlog-2.0.19/src/gui_preferencesdialog.c:1227:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (atoi(radio), device, RIG_DEBUG_NONE, atoi (pollstr));
data/xlog-2.0.19/src/gui_preferencesdialog.c:1227:44: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (atoi(radio), device, RIG_DEBUG_NONE, atoi (pollstr));
data/xlog-2.0.19/src/gui_preferencesdialog.c:1228:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.rigid = atoi(radio);
data/xlog-2.0.19/src/gui_preferencesdialog.c:1230:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  preferences.polltime = atoi (pollstr);
data/xlog-2.0.19/src/gui_saveasdialog.c:102:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  lowqso = atoi (temp);
data/xlog-2.0.19/src/gui_saveasdialog.c:104:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). highqso = atoi (temp); data/xlog-2.0.19/src/logfile/adif3.c:103:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:119:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:125:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:149:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:161:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). q[adif_field] = g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:171:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). q[adif_field] = g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:177:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:183:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:189:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:195:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:201:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:209:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:215:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:222:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:228:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:234:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:242:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:249:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:257:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:264:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_strndup (adifitem[1], atoi(adifid[1])); data/xlog-2.0.19/src/logfile/adif3.c:303:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_fields, xlog_fields, sizeof (xlog_fields)); data/xlog-2.0.19/src/logfile/cabrillo3.c:99:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_fields, xlog_fields, sizeof (xlog_fields)); data/xlog-2.0.19/src/logfile/cabrillo3.c:361:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). gint khz = atoi(field); data/xlog-2.0.19/src/logfile/cabrillo3.c:380:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buf, "SSB"); data/xlog-2.0.19/src/logfile/cabrillo3.c:383:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (buf, "RTTY"); data/xlog-2.0.19/src/logfile/edi.c:101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (handle->column_fields, edi_fields, sizeof (edi_fields)); data/xlog-2.0.19/src/logfile/edi.c:102:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_widths, edi_widths, sizeof (edi_widths)); data/xlog-2.0.19/src/logfile/edi.c:278:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). freq = atoi(band)*1000; data/xlog-2.0.19/src/logfile/edi.c:280:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). freq += atoi(dpoint+1)*100; data/xlog-2.0.19/src/logfile/edi.c:281:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(band, "%u", freq); data/xlog-2.0.19/src/logfile/editest.c:90:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_fields, editest_fields, sizeof (editest_fields)); data/xlog-2.0.19/src/logfile/editest.c:91:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_widths, editest_widths, sizeof (editest_widths)); data/xlog-2.0.19/src/logfile/editest.c:180:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). band = atoi(field); data/xlog-2.0.19/src/logfile/editest.c:257:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gmt, field, 2); data/xlog-2.0.19/src/logfile/logfile.c:94:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (handle->ops->open (handle)) data/xlog-2.0.19/src/logfile/logfile.c:150:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_fields, column_fields, columns * sizeof (gint)); data/xlog-2.0.19/src/logfile/logfile.c:151:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_widths, column_widths, columns * sizeof (gint)); data/xlog-2.0.19/src/logfile/logfile.h:88:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gint (*open) (LOGDB *); data/xlog-2.0.19/src/logfile/oh1aa.c:80:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (handle->column_fields, xlog_fields, sizeof (xlog_fields)); data/xlog-2.0.19/src/logfile/trlog.c:85:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_fields, xlog_fields, sizeof (xlog_fields)); data/xlog-2.0.19/src/logfile/twlog.c:78:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (handle->column_fields, xlog_fields, sizeof (xlog_fields)); data/xlog-2.0.19/src/remote.c:181:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). remote.version = atoi (argument); data/xlog-2.0.19/src/utils.c:816:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *zone = atoi (p + 1); data/xlog-2.0.19/src/xlog_enum.c:193:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fr = atoi (temp); data/xlog-2.0.19/src/xlog_enum.c:196:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fr = atoi (temp); data/xlog-2.0.19/src/xlog_enum.c:340:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m = atoi (temp); data/xlog-2.0.19/src/awards_enum.c:35:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (str) < 2) return 99; data/xlog-2.0.19/src/awards_enum.c:71:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (str) < 2) return 99; data/xlog-2.0.19/src/awards_enum.c:296:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!str || strlen (str) < 6 || str[2] != '-') return NOT_AN_IOTA; data/xlog-2.0.19/src/awards_enum.c:341:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!str || strlen (str) < 4) return NOT_A_LOCATOR; data/xlog-2.0.19/src/callbacks_mainwindow.c:184:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!GTK_WIDGET_HAS_FOCUS (callentry) && (strlen (call) == 0)) data/xlog-2.0.19/src/callbacks_mainwindow.c:206:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (call) > 0) data/xlog-2.0.19/src/callbacks_mainwindow.c:220:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaulttxrst) > 0) data/xlog-2.0.19/src/callbacks_mainwindow.c:242:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultrxrst) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_list.c:113:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(entry) > 4) data/xlog-2.0.19/src/callbacks_mainwindow_list.c:123:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(entry) > 4) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:256:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (endentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:276:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(gtk_editable_get_chars (GTK_EDITABLE (bandentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:282:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(gtk_editable_get_chars (GTK_EDITABLE (modeentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:287:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (rstentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:294:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (powerentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:303:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultmhz) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:305:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (bandentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:312:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultmode) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:314:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(gtk_editable_get_chars (GTK_EDITABLE (modeentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:321:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaulttxrst) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:322:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (rstentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:350:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (gtk_widget_get_visible (powerhbox) && strlen (preferences.defaultpower) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:352:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (powerentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:358:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultrxrst) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:361:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(gtk_editable_get_chars (GTK_EDITABLE (myrstentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:364:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultawards) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:367:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (awardsentry), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:371:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (gtk_widget_get_visible (unknown1hbox) && strlen (preferences.defaultfreefield1) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:374:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gtk_editable_get_chars (GTK_EDITABLE (unknownentry1), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:378:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (gtk_widget_get_visible (unknown2hbox) && strlen (preferences.defaultfreefield2) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:381:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(gtk_editable_get_chars (GTK_EDITABLE (unknownentry2), 0, -1)) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_menu.c:385:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (gtk_widget_get_visible (remarksvbox) && strlen (preferences.defaultremarks) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:157:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(call) > 2) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:190:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(callsign) < 2) return; /* for responsiveness */ data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:205:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!g_ascii_strncasecmp (callsign, logcallsign, strlen (callsign))) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:217:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(b4[j]) > 0) /* for responsiveness */ data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:273:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (shareCall, call, SHMSIZE); /* put call in shm */ data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:296:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(call) > 2) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:326:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (entry) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:335:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (entry) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:344:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (entry) == 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:349:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultremarks) == 0 data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:398:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultmhz) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:433:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultmode) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:463:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (preferences.defaulttxrst) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:504:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultpower) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:596:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultremarks) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:610:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultmhz) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_qsoframe.c:627:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (preferences.defaultmode) > 0) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:224:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[LOCATOR]) >= 2) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:347:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (qso[LOCATOR] && (strlen(qso[LOCATOR]) > 0)) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:359:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (qso[LOCATOR] && (strlen(qso[LOCATOR]) > 0)) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:595:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (locator && (strlen(locator) > 0)) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:607:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (qso[LOCATOR] && (strlen(qso[LOCATOR]) > 0)) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:837:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[LOCATOR]) >= 2) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:942:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (qso[LOCATOR] && (strlen(qso[LOCATOR]) > 0)) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:1003:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (qso[LOCATOR] && (strlen(qso[LOCATOR]) > 0)) data/xlog-2.0.19/src/callbacks_mainwindow_toolbar.c:1019:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (qso[LOCATOR] && (strlen(qso[LOCATOR]) > 0)) data/xlog-2.0.19/src/callbacks_preferencesdialog.c:93:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (pathstr) > 0) data/xlog-2.0.19/src/callbacks_preferencesdialog.c:104:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (pathstr) > 0) data/xlog-2.0.19/src/callbacks_preferencesdialog.c:119:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (logs) == 0) data/xlog-2.0.19/src/callbacks_preferencesdialog.c:134:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (locator) == 0) data/xlog-2.0.19/src/callbacks_preferencesdialog.c:146:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (callsign) == 0) data/xlog-2.0.19/src/dxcc.c:167:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = pfx + strlen (pfx); data/xlog-2.0.19/src/dxcc.c:192:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = callsign + strlen (callsign); data/xlog-2.0.19/src/dxcc.c:226:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(split[1]) > 1) && (strlen(split[1]) < strlen(split[0]))) data/xlog-2.0.19/src/dxcc.c:226:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(split[1]) > 1) && (strlen(split[1]) < strlen(split[0]))) data/xlog-2.0.19/src/dxcc.c:226:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(split[1]) > 1) && (strlen(split[1]) < strlen(split[0]))) data/xlog-2.0.19/src/dxcc.c:236:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((strlen(split[1]) == 1) && data/xlog-2.0.19/src/dxcc.c:262:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = exception + strlen (exception); data/xlog-2.0.19/src/dxcc.c:339:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ipx = strlen (px); ipx > 0; ipx--) data/xlog-2.0.19/src/dxcc.c:482:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc (fp); data/xlog-2.0.19/src/dxcc.c:521:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=0; i<strlen(split[7]); i++) data/xlog-2.0.19/src/dxcc.c:581:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc (fp); data/xlog-2.0.19/src/dxcc.c:609:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
end = callsign + strlen (callsign); data/xlog-2.0.19/src/dxcc.c:619:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = callsign + strlen (callsign); data/xlog-2.0.19/src/dxcc.c:1174:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!locator || strlen(locator) < 4) data/xlog-2.0.19/src/dxcc.c:1190:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!locator || strlen(locator) < 4) return; data/xlog-2.0.19/src/dxcc.c:1210:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!locator || strlen(locator) < 4) return; data/xlog-2.0.19/src/dxcc.c:1386:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(locator) > 0) data/xlog-2.0.19/src/gui_helpdialog.c:103:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (fbuf); data/xlog-2.0.19/src/gui_importdialog.c:297:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > 0) data/xlog-2.0.19/src/gui_importdialog.c:394:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(programstate.importremark) > 0) data/xlog-2.0.19/src/gui_keys.c:105:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen (fbuf); data/xlog-2.0.19/src/gui_logeditordialog.c:675:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (temp) == 0) data/xlog-2.0.19/src/gui_logeditordialog.c:690:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (temp) == 0) data/xlog-2.0.19/src/gui_mergedialog.c:145:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(log1) > 0) && (strlen(log1) > 0) ) data/xlog-2.0.19/src/gui_mergedialog.c:145:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (strlen(log1) > 0) && (strlen(log1) > 0) ) data/xlog-2.0.19/src/gui_netkeyer.c:121:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (sendstr) > 0) data/xlog-2.0.19/src/gui_netkeyer.c:141:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (lastmsg) > 0) data/xlog-2.0.19/src/gui_netkeyer.c:148:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (call) > 0) data/xlog-2.0.19/src/gui_newlogdialog.c:59:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(entry)) > 0) data/xlog-2.0.19/src/gui_newlogdialog.c:61:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = entry + strlen (entry); data/xlog-2.0.19/src/gui_newlogdialog.c:121:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (entry) > 0) data/xlog-2.0.19/src/gui_preferencesdialog.c:1100:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (temp) == 0) data/xlog-2.0.19/src/gui_preferencesdialog.c:1106:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (temp) == 0) data/xlog-2.0.19/src/gui_searchdialog.c:86:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (searchstr); data/xlog-2.0.19/src/gui_utils.c:182:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mode) > 0) data/xlog-2.0.19/src/hamlib-utils.c:161:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(preferences.rigconf) > 0) data/xlog-2.0.19/src/hamlib-utils.c:171:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (myrig->state.rigport.pathname, device, FILPATHLEN); data/xlog-2.0.19/src/log.c:67:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc (in)) != EOF) data/xlog-2.0.19/src/log.c:134:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). date = g_convert_with_fallback(q[DATE], strlen(q[DATE]), "UTF-8", "ISO-8859-1", ".", NULL, NULL, NULL); data/xlog-2.0.19/src/log.c:174:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = g_convert_with_fallback(q[NAME], strlen(q[NAME]), "UTF-8", "ISO-8859-1", ".", NULL, NULL, NULL); data/xlog-2.0.19/src/log.c:191:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qth = g_convert_with_fallback(q[QTH], strlen(q[QTH]), "UTF-8", "ISO-8859-1", ".", NULL, NULL, NULL); data/xlog-2.0.19/src/log.c:211:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u1 = g_convert_with_fallback(q[U1], strlen(q[U1]), "UTF-8", "ISO-8859-1", ".", NULL, NULL, NULL); data/xlog-2.0.19/src/log.c:228:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
u2 = g_convert_with_fallback(q[U2], strlen(q[U2]), "UTF-8", "ISO-8859-1", ".", NULL, NULL, NULL); data/xlog-2.0.19/src/log.c:245:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remarks = g_convert_with_fallback(q[REMARKS], strlen(q[REMARKS]), "UTF-8", "ISO-8859-1", ".", NULL, NULL, NULL); data/xlog-2.0.19/src/logfile/adif3.c:409:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qfield_len = strlen(q[fld]); data/xlog-2.0.19/src/logfile/adif3.c:428:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qfield_len = strlen(qfield); data/xlog-2.0.19/src/logfile/adif3.c:439:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qfield_len = strlen(qfield); data/xlog-2.0.19/src/logfile/adif3.c:489:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qfield_len = strlen(qfield); data/xlog-2.0.19/src/logfile/adif3.c:495:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qfield_len = strlen(qfield); data/xlog-2.0.19/src/logfile/adif3.c:511:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((fld == RST) && serial && (strlen(serial) > 0)) data/xlog-2.0.19/src/logfile/adif3.c:514:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (endptr) > 0) data/xlog-2.0.19/src/logfile/adif3.c:515:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(fp, "<STX_STRING:%zd>%s ", strlen(serial), serial); data/xlog-2.0.19/src/logfile/adif3.c:517:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(fp, "<STX:%zd>%s ", strlen(serial), serial); data/xlog-2.0.19/src/logfile/adif3.c:519:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((fld == MYRST) && serial && (strlen(serial) > 0)) data/xlog-2.0.19/src/logfile/adif3.c:522:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (endptr) > 0) data/xlog-2.0.19/src/logfile/adif3.c:523:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(fp, "<SRX_STRING:%zd>%s ", strlen(serial), serial); data/xlog-2.0.19/src/logfile/adif3.c:525:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fprintf(fp, "<SRX:%zd>%s ", strlen(serial), serial); data/xlog-2.0.19/src/logfile/cabrillo3.c:185:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rst, q[RST], rst_len); data/xlog-2.0.19/src/logfile/cabrillo3.c:187:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (my_rst, q[MYRST], rst_len); data/xlog-2.0.19/src/logfile/cabrillo3.c:190:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (q[RST]) > rst_len) data/xlog-2.0.19/src/logfile/cabrillo3.c:192:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (q[MYRST]) > rst_len) data/xlog-2.0.19/src/logfile/cabrillo3.c:442:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i == 6) && (strlen(programstate.importremark) > 0)) data/xlog-2.0.19/src/logfile/edi.c:181:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rst_len = p ? p - q[RST] : strlen (q[RST]); data/xlog-2.0.19/src/logfile/edi.c:183:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rst, q[RST], rst_len); data/xlog-2.0.19/src/logfile/edi.c:185:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy (my_rst, q[MYRST], rst_len); data/xlog-2.0.19/src/logfile/edi.c:187:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (q[RST]) > rst_len) data/xlog-2.0.19/src/logfile/edi.c:189:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (q[MYRST]) > rst_len) data/xlog-2.0.19/src/logfile/editest.c:134:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rst_len = p ? p - q[RST] : strlen (q[RST]); data/xlog-2.0.19/src/logfile/editest.c:136:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (rst, q[RST], rst_len); data/xlog-2.0.19/src/logfile/editest.c:138:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (my_rst, q[MYRST], rst_len); data/xlog-2.0.19/src/logfile/editest.c:140:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (q[RST]) > rst_len) data/xlog-2.0.19/src/logfile/editest.c:142:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (q[MYRST]) > rst_len) data/xlog-2.0.19/src/logfile/editest.c:147:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen (q[DATE]) == 11 && q[DATE][2] == ' ' && q[DATE][6] == ' ') data/xlog-2.0.19/src/logfile/editest.c:151:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (q[NR] && (!q[LOCATOR] || strlen (q[LOCATOR]) == 0)) data/xlog-2.0.19/src/logfile/editest.c:256:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(field) > 2 && field[2] == ':') { data/xlog-2.0.19/src/logfile/editest.c:267:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gmt+2, field+3, 14); data/xlog-2.0.19/src/logfile/editest.c:272:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gmt, field, 16); data/xlog-2.0.19/src/logfile/flog.c:77:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (header_line) < 80) data/xlog-2.0.19/src/logfile/flog.c:203:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (buffer) != width - 1 && i < handle->column_nr - 2) data/xlog-2.0.19/src/logfile/flog.c:209:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = strlen (buffer); data/xlog-2.0.19/src/logfile/logfile.c:292:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(month_abv[0]) == 0) data/xlog-2.0.19/src/logfile/trlog.c:163:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buffer) < 80) continue; data/xlog-2.0.19/src/logfile/twlog.c:145:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (buffer) != 12 || feof (fp)) data/xlog-2.0.19/src/logfile/twlog.c:189:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen (buffer); data/xlog-2.0.19/src/remote.c:131:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (type == 88 && entry && (strlen (entry) > 0)) data/xlog-2.0.19/src/remote.c:433:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[CALL]) > 0) data/xlog-2.0.19/src/remote.c:493:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[DATE]) > 0) data/xlog-2.0.19/src/remote.c:496:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[GMT]) > 0) data/xlog-2.0.19/src/remote.c:501:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(qso[GMTEND]) > 0) data/xlog-2.0.19/src/remote.c:505:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[CALL]) > 0) data/xlog-2.0.19/src/remote.c:508:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[MODE]) > 0) data/xlog-2.0.19/src/remote.c:511:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[BAND]) > 0) data/xlog-2.0.19/src/remote.c:514:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[RST]) > 0) data/xlog-2.0.19/src/remote.c:517:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[MYRST]) > 0) data/xlog-2.0.19/src/remote.c:522:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[AWARDS]) > 0) data/xlog-2.0.19/src/remote.c:528:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[POWER]) > 0) data/xlog-2.0.19/src/remote.c:534:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(qso[NAME]) > 0) data/xlog-2.0.19/src/remote.c:540:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[QTH]) > 0) data/xlog-2.0.19/src/remote.c:546:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[LOCATOR]) > 0) data/xlog-2.0.19/src/remote.c:552:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[U1]) > 0) data/xlog-2.0.19/src/remote.c:558:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[U2]) > 0) data/xlog-2.0.19/src/remote.c:566:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(qso[REMARKS]) > 0) data/xlog-2.0.19/src/strptime.c:72:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ({ size_t len = strlen (cs1); \ data/xlog-2.0.19/src/strptime.c:79:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncasecmp ((cs1), (s2), strlen (cs1)) ? 0 : ((s2) += strlen (cs1), 1)) data/xlog-2.0.19/src/strptime.c:79:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncasecmp ((cs1), (s2), strlen (cs1)) ? 
0 : ((s2) += strlen (cs1), 1)) data/xlog-2.0.19/src/strptime.c:114:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (alts); \ data/xlog-2.0.19/src/wwl.c:92:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (locator) >= 2)

ANALYSIS SUMMARY:

Hits = 291
Lines analyzed = 30632 in approximately 0.82 seconds (37474 lines/second)
Physical Source Lines of Code (SLOC) = 23646
Hits@level = [0] 93 [1] 170 [2] 92 [3] 11 [4] 18 [5] 0
Hits@level+ = [0+] 384 [1+] 291 [2+] 121 [3+] 29 [4+] 18 [5+] 0
Hits/KSLOC@level+ = [0+] 16.2395 [1+] 12.3065 [2+] 5.11714 [3+] 1.22642 [4+] 0.761228 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.