Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xmhtml-1.1.10/book/forced_html.c
Examining data/xmhtml-1.1.10/book/simple_html.c
Examining data/xmhtml-1.1.10/book/html.c
Examining data/xmhtml-1.1.10/book/autosize_html.c
Examining data/xmhtml-1.1.10/book/work_window.c
Examining data/xmhtml-1.1.10/book/simple_html2.c
Examining data/xmhtml-1.1.10/book/html_browser.c
Examining data/xmhtml-1.1.10/http/cookie.c
Examining data/xmhtml-1.1.10/http/HTTP.c
Examining data/xmhtml-1.1.10/contrib/netscape.c
Examining data/xmhtml-1.1.10/contrib/example_5.c
Examining data/xmhtml-1.1.10/contrib/swallow.c
Examining data/xmhtml-1.1.10/contrib/swallow2.c
Examining data/xmhtml-1.1.10/contrib/gif_decode.c
Examining data/xmhtml-1.1.10/contrib/htmltest.c
Examining data/xmhtml-1.1.10/contrib/VUEorDT.c
Examining data/xmhtml-1.1.10/contrib/drawBttn.c
Examining data/xmhtml-1.1.10/include/http/HTTPP.h
Examining data/xmhtml-1.1.10/include/http/HTTP.h
Examining data/xmhtml-1.1.10/include/common/miniparse.h
Examining data/xmhtml-1.1.10/include/common/XmHTMLI.h
Examining data/xmhtml-1.1.10/include/common/xpmtags.h
Examining data/xmhtml-1.1.10/include/common/stack.h
Examining data/xmhtml-1.1.10/include/common/plc.h
Examining data/xmhtml-1.1.10/include/common/XmHTMLconf.h
Examining data/xmhtml-1.1.10/include/common/HTMLWarnings.h
Examining data/xmhtml-1.1.10/include/common/debug.h
Examining data/xmhtml-1.1.10/include/common/escapes.h
Examining data/xmhtml-1.1.10/include/common/LZWStream.h
Examining data/xmhtml-1.1.10/include/common/hash.h
Examining data/xmhtml-1.1.10/include/common/icons.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/tka.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/HTML.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-xmhtml.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/toolkit.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-xmhtml-p.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-html.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-tka.h
Examining data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-xmhtmlfuncs.h
Examining data/xmhtml-1.1.10/include/XmHTML/XmHTMLP.h
Examining data/xmhtml-1.1.10/include/XmHTML/tka.h
Examining data/xmhtml-1.1.10/include/XmHTML/XCCP.h
Examining data/xmhtml-1.1.10/include/XmHTML/HTML.h
Examining data/xmhtml-1.1.10/include/XmHTML/Balloon.h
Examining data/xmhtml-1.1.10/include/XmHTML/debug_menu.h
Examining data/xmhtml-1.1.10/include/XmHTML/resources.h
Examining data/xmhtml-1.1.10/include/XmHTML/XCC.h
Examining data/xmhtml-1.1.10/include/XmHTML/toolkit.h
Examining data/xmhtml-1.1.10/include/XmHTML/BalloonP.h
Examining data/xmhtml-1.1.10/include/XmHTML/HTMLStrings.h
Examining data/xmhtml-1.1.10/include/XmHTML/XmHTMLfuncs.h
Examining data/xmhtml-1.1.10/include/XmHTML/XmHTML.h
Examining data/xmhtml-1.1.10/lib/common/quantize.c
Examining data/xmhtml-1.1.10/lib/common/readGIF.c
Examining data/xmhtml-1.1.10/lib/common/callbacks.c
Examining data/xmhtml-1.1.10/lib/common/LZWStream.c
Examining data/xmhtml-1.1.10/lib/common/error.c
Examining data/xmhtml-1.1.10/lib/common/readGIFplc.c
Examining data/xmhtml-1.1.10/lib/common/readPNG.c
Examining data/xmhtml-1.1.10/lib/common/fonts.c
Examining data/xmhtml-1.1.10/lib/common/readFLG.c
Examining data/xmhtml-1.1.10/lib/common/object.c
Examining data/xmhtml-1.1.10/lib/common/format.c
Examining data/xmhtml-1.1.10/lib/common/stack.c
Examining data/xmhtml-1.1.10/lib/common/psfonts.c
Examining data/xmhtml-1.1.10/lib/common/map.c
Examining data/xmhtml-1.1.10/lib/common/hash.c
Examining data/xmhtml-1.1.10/lib/common/readXPM.c
Examining data/xmhtml-1.1.10/lib/common/events.c
Examining data/xmhtml-1.1.10/lib/common/layout.c
Examining data/xmhtml-1.1.10/lib/common/psoutput.c
Examining data/xmhtml-1.1.10/lib/common/readJPEG.c
Examining data/xmhtml-1.1.10/lib/common/debug.c
Examining data/xmhtml-1.1.10/lib/common/images.c
Examining data/xmhtml-1.1.10/lib/common/private.c
Examining data/xmhtml-1.1.10/lib/common/readBitmap.c
Examining data/xmhtml-1.1.10/lib/common/StringUtil.c
Examining data/xmhtml-1.1.10/lib/common/parse.c
Examining data/xmhtml-1.1.10/lib/common/colors.c
Examining data/xmhtml-1.1.10/lib/common/readJPEGplc.c
Examining data/xmhtml-1.1.10/lib/common/paint.c
Examining data/xmhtml-1.1.10/lib/common/public.c
Examining data/xmhtml-1.1.10/lib/Motif/Balloon.c
Examining data/xmhtml-1.1.10/lib/Motif/output.c
Examining data/xmhtml-1.1.10/lib/Motif/frames.c
Examining data/xmhtml-1.1.10/lib/Motif/motif.c
Examining data/xmhtml-1.1.10/lib/Motif/strings.c
Examining data/xmhtml-1.1.10/lib/Motif/warnings.c
Examining data/xmhtml-1.1.10/lib/Motif/plc.c
Examining data/xmhtml-1.1.10/lib/Motif/XCC.c
Examining data/xmhtml-1.1.10/lib/Motif/forms.c
Examining data/xmhtml-1.1.10/lib/Motif/XmImage.c
Examining data/xmhtml-1.1.10/lib/Motif/XmHTML.c
Examining data/xmhtml-1.1.10/lib/Motif/getps.c
Examining data/xmhtml-1.1.10/lib/Motif/textsel.c
Examining data/xmhtml-1.1.10/lib/Motif/debug_menu.c
Examining data/xmhtml-1.1.10/lib/compat/regex.c
Examining data/xmhtml-1.1.10/lib/compat/GNUregex.h
Examining data/xmhtml-1.1.10/lib/gtk/output.c
Examining data/xmhtml-1.1.10/lib/gtk/frames.c
Examining data/xmhtml-1.1.10/lib/gtk/gtk.c
Examining data/xmhtml-1.1.10/lib/gtk/plc.c
Examining data/xmhtml-1.1.10/lib/gtk/forms.c
Examining data/xmhtml-1.1.10/lib/gtk/XmImage.c
Examining data/xmhtml-1.1.10/lib/gtk/XmHTML.c
Examining data/xmhtml-1.1.10/lib/gtk/getps.c
Examining data/xmhtml-1.1.10/lib/gtk/textsel.c
Examining data/xmhtml-1.1.10/tools/gif2gzf.c
Examining data/xmhtml-1.1.10/tools/gifinfo.c
Examining data/xmhtml-1.1.10/tools/mkStrings.c
Examining data/xmhtml-1.1.10/tools/httpget.c
Examining data/xmhtml-1.1.10/tools/GetRepTypes.c
Examining data/xmhtml-1.1.10/tools/ImBuffer.h
Examining data/xmhtml-1.1.10/tools/miniparse.c
Examining data/xmhtml-1.1.10/tools/ImBuffer.c
Examining data/xmhtml-1.1.10/tools/WidgetSize.c
Examining data/xmhtml-1.1.10/examples/cache.h
Examining data/xmhtml-1.1.10/examples/example_2.c
Examining data/xmhtml-1.1.10/examples/example_4.c
Examining data/xmhtml-1.1.10/examples/history.c
Examining data/xmhtml-1.1.10/examples/menu.h
Examining data/xmhtml-1.1.10/examples/cache.c
Examining data/xmhtml-1.1.10/examples/misc.h
Examining data/xmhtml-1.1.10/examples/ftypes.h
Examining data/xmhtml-1.1.10/examples/misc.c
Examining data/xmhtml-1.1.10/examples/menu.c
Examining data/xmhtml-1.1.10/examples/history.h
Examining data/xmhtml-1.1.10/examples/visual.c
Examining data/xmhtml-1.1.10/examples/menuItems.h
Examining data/xmhtml-1.1.10/examples/example_1.c
FINAL RESULTS:
data/xmhtml-1.1.10/contrib/example_5.c:442:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
cc = readlink(filename, buf, 1024);
data/xmhtml-1.1.10/examples/misc.c:384:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
cc = readlink(filename, buf, 1024);
data/xmhtml-1.1.10/contrib/example_5.c:277:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(debug) { printf MSG ; fflush(stdout); } }while(0)
data/xmhtml-1.1.10/contrib/example_5.c:327:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fd = popen(cmd, "r");
data/xmhtml-1.1.10/contrib/example_5.c:416:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*)(paths[max_paths]), path);
data/xmhtml-1.1.10/contrib/example_5.c:458:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, buf);
data/xmhtml-1.1.10/contrib/example_5.c:504:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(filename, R_OK)))
data/xmhtml-1.1.10/contrib/example_5.c:507:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s", &filename[1]);
data/xmhtml-1.1.10/contrib/example_5.c:511:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, filename);
data/xmhtml-1.1.10/contrib/example_5.c:527:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(real_file, "%s%s", (char*)(paths[i]), tmp);
data/xmhtml-1.1.10/contrib/example_5.c:530:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(real_file, R_OK)))
data/xmhtml-1.1.10/contrib/example_5.c:550:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(real_file, real_file[len] == '/' ?
data/xmhtml-1.1.10/contrib/example_5.c:552:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(real_file, R_OK)))
data/xmhtml-1.1.10/contrib/example_5.c:558:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(real_file, real_file[len] == '/' ?
data/xmhtml-1.1.10/contrib/example_5.c:560:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(real_file, R_OK)))
data/xmhtml-1.1.10/contrib/example_5.c:581:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s:\ncannot display: unable to locate file.", filename);
data/xmhtml-1.1.10/contrib/example_5.c:606:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ret_val, "%s%s", pname, fname);
data/xmhtml-1.1.10/contrib/example_5.c:711:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:\ncannot display: %s", filename, strerror(errno));
data/xmhtml-1.1.10/contrib/example_5.c:721:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:\ncannot display, unable to load file.", filename);
data/xmhtml-1.1.10/contrib/example_5.c:723:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:\ncannot display, support for this image type "
data/xmhtml-1.1.10/contrib/example_5.c:1288:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "netscape -remote 'mailto(%s)'", url);
data/xmhtml-1.1.10/contrib/example_5.c:1290:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "netscape -remote 'news(%s)'", url);
data/xmhtml-1.1.10/contrib/example_5.c:1292:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "netscape -remote 'openURL(%s)'", url);
data/xmhtml-1.1.10/contrib/example_5.c:1295:7: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(execl("/bin/sh", "/bin/sh", "-c", cmd, NULL) == -1)
data/xmhtml-1.1.10/contrib/example_5.c:1427:10: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(execl("/bin/sh", "/bin/sh", "-c", cmd, NULL) == -1)
data/xmhtml-1.1.10/contrib/example_5.c:1840:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(*dest + *size, fmt, arg_list);
data/xmhtml-1.1.10/contrib/example_5.c:1891:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(this_font, "*-%s-normal-*",
data/xmhtml-1.1.10/contrib/example_5.c:1914:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_font, this_font);
data/xmhtml-1.1.10/contrib/example_5.c:1926:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_font, default_font);
data/xmhtml-1.1.10/contrib/example_5.c:1958:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_charset, this_charset);
data/xmhtml-1.1.10/contrib/example_5.c:1980:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_charset, default_charset);
data/xmhtml-1.1.10/contrib/example_5.c:2483:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, url);
data/xmhtml-1.1.10/contrib/example_5.c:2495:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, &url[len - 36]);
data/xmhtml-1.1.10/contrib/example_5.c:2564:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Follow this link (%s)", collapseURL(info->anchor->href));
data/xmhtml-1.1.10/contrib/example_5.c:2577:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Open this image (%s)", collapseURL(info->image->url));
data/xmhtml-1.1.10/contrib/example_5.c:3472:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "A Simple HTML browser using\n"
data/xmhtml-1.1.10/contrib/htmltest.c:205:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
spacing) sprintf (fontfamily,"%s-%s-%s-%s",foundry,family,
data/xmhtml-1.1.10/contrib/htmltest.c:392:13: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(start,wc_array);
data/xmhtml-1.1.10/examples/example_2.c:385:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(debug) { printf MSG ; fflush(stdout); } }while(0)
data/xmhtml-1.1.10/examples/example_2.c:566:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*)(paths[max_paths]), path);
data/xmhtml-1.1.10/examples/example_2.c:612:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(filename, R_OK)))
data/xmhtml-1.1.10/examples/example_2.c:615:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s", &filename[1]);
data/xmhtml-1.1.10/examples/example_2.c:619:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, filename);
data/xmhtml-1.1.10/examples/example_2.c:635:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(real_file, "%s%s", (char*)(paths[i]), tmp);
data/xmhtml-1.1.10/examples/example_2.c:638:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(real_file, R_OK)))
data/xmhtml-1.1.10/examples/example_2.c:658:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(real_file, real_file[len] == '/' ?
data/xmhtml-1.1.10/examples/example_2.c:660:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(real_file, R_OK)))
data/xmhtml-1.1.10/examples/example_2.c:666:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(real_file, real_file[len] == '/' ?
data/xmhtml-1.1.10/examples/example_2.c:668:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!(access(real_file, R_OK)))
data/xmhtml-1.1.10/examples/example_2.c:689:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s:\ncannot display: unable to locate file.", filename);
data/xmhtml-1.1.10/examples/example_2.c:714:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ret_val, "%s%s", pname, fname);
data/xmhtml-1.1.10/examples/example_2.c:1544:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "netscape -remote 'mailto(%s)'", url);
data/xmhtml-1.1.10/examples/example_2.c:1546:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "netscape -remote 'news(%s)'", url);
data/xmhtml-1.1.10/examples/example_2.c:1548:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "netscape -remote 'openURL(%s)'", url);
data/xmhtml-1.1.10/examples/example_2.c:1551:7: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(execl("/bin/sh", "/bin/sh", "-c", cmd, NULL) == -1)
data/xmhtml-1.1.10/examples/example_2.c:1578:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fd = popen(cmd, "r");
data/xmhtml-1.1.10/examples/example_2.c:1791:10: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(execl("/bin/sh", "/bin/sh", "-c", cmd, NULL) == -1)
data/xmhtml-1.1.10/examples/example_2.c:1888:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(env[i],"%s=%s", name, value);
data/xmhtml-1.1.10/examples/example_2.c:2555:8: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(*dest + *size, fmt, arg_list);
data/xmhtml-1.1.10/examples/example_2.c:3199:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(this_font, "*-%s-normal-*",
data/xmhtml-1.1.10/examples/example_2.c:3222:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_font, this_font);
data/xmhtml-1.1.10/examples/example_2.c:3234:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_font, default_font);
data/xmhtml-1.1.10/examples/example_2.c:3266:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_charset, this_charset);
data/xmhtml-1.1.10/examples/example_2.c:3288:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_charset, default_charset);
data/xmhtml-1.1.10/examples/example_2.c:4036:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Follow this link (%s)", collapseURL(info->anchor->href));
data/xmhtml-1.1.10/examples/example_2.c:4049:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Open this image (%s)", collapseURL(info->image->url));
data/xmhtml-1.1.10/examples/example_2.c:4388:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(loc_url, url);
data/xmhtml-1.1.10/examples/example_2.c:4772:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(loc_url, "%s:%ix%i", url, width, height);
data/xmhtml-1.1.10/examples/example_2.c:4993:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(label, "A Simple HTML browser using\n"
data/xmhtml-1.1.10/examples/example_2.c:5876:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(default_font, font);
data/xmhtml-1.1.10/examples/example_2.c:5877:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_font, font);
data/xmhtml-1.1.10/examples/example_2.c:5880:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(default_charset, charset);
data/xmhtml-1.1.10/examples/example_2.c:5881:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(current_charset, charset);
data/xmhtml-1.1.10/examples/example_4.c:327:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s", ".cache", fileent->d_name);
data/xmhtml-1.1.10/examples/example_4.c:505:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, ".cache/%s%s", hostname, file);
data/xmhtml-1.1.10/examples/history.c:56:14: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(debug) { printf MSG ; fflush(stdout); } }while(0)
data/xmhtml-1.1.10/examples/menu.c:99:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(menu_name,"%sMenu", title);
data/xmhtml-1.1.10/examples/menu.c:232:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(menu_name,"%sMenu", title);
data/xmhtml-1.1.10/examples/misc.c:245:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oldPathname, pathname);
data/xmhtml-1.1.10/examples/misc.c:247:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pathname, wd);
data/xmhtml-1.1.10/examples/misc.c:249:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pathname, oldPathname);
data/xmhtml-1.1.10/examples/misc.c:400:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, buf);
data/xmhtml-1.1.10/examples/misc.c:504:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, url);
data/xmhtml-1.1.10/examples/misc.c:516:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, &url[len - 36]);
data/xmhtml-1.1.10/examples/misc.c:543:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:\ncannot display: %s", filename, strerror(errno));
data/xmhtml-1.1.10/examples/misc.c:552:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:\ncannot display, unable to load file.", filename);
data/xmhtml-1.1.10/examples/misc.c:554:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:\ncannot display, support for this image type "
data/xmhtml-1.1.10/http/HTTP.c:322:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(reqStr,
data/xmhtml-1.1.10/http/HTTP.c:348:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(reqStr, "%s%s%s%s%s",
data/xmhtml-1.1.10/http/HTTP.c:363:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fullReqStr,
data/xmhtml-1.1.10/http/HTTP.c:391:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(reqStr,
data/xmhtml-1.1.10/http/HTTP.c:1224:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_url, "%s://", u_scheme);
data/xmhtml-1.1.10/http/HTTP.c:1226:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_url, "%s://", b_scheme);
data/xmhtml-1.1.10/http/HTTP.c:1229:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_url, u_hostname);
data/xmhtml-1.1.10/http/HTTP.c:1231:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_url, b_hostname);
data/xmhtml-1.1.10/http/HTTP.c:1237:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_url, u_filename);
data/xmhtml-1.1.10/http/HTTP.c:1241:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_url, u_filename);
data/xmhtml-1.1.10/http/HTTP.c:1250:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_url, b_filename);
data/xmhtml-1.1.10/http/HTTP.c:1255:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpP, u_filename);
data/xmhtml-1.1.10/http/HTTP.c:1258:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_url, u_filename);
data/xmhtml-1.1.10/http/cookie.c:260:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,
data/xmhtml-1.1.10/http/cookie.c:283:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line,
data/xmhtml-1.1.10/http/cookie.c:359:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmpHost, hostname);
data/xmhtml-1.1.10/http/cookie.c:440:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cookie, cookieList->cookie->cookie.name);
data/xmhtml-1.1.10/http/cookie.c:442:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cookie, cookieList->cookie->cookie.value);
data/xmhtml-1.1.10/http/cookie.c:449:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cookie, cookieList->cookie->path);
data/xmhtml-1.1.10/http/cookie.c:456:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cookie, cookieList->cookie->domain);
data/xmhtml-1.1.10/http/cookie.c:650:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(d,value);
data/xmhtml-1.1.10/http/cookie.c:682:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(d,value);
data/xmhtml-1.1.10/http/cookie.c:713:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(name, "expires %s, %d-%s-%d %d:%d%d",
data/xmhtml-1.1.10/include/http/HTTP.h:364:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
((STR) != NULL ? (strcpy(malloc(strlen(STR)+1),STR)) : NULL)
data/xmhtml-1.1.10/lib/Motif/forms.c:289:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(passwd, entry->content);
data/xmhtml-1.1.10/lib/Motif/getps.c:287:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret_val, buf);
data/xmhtml-1.1.10/lib/Motif/output.c:890:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret_val, buf);
data/xmhtml-1.1.10/lib/Motif/textsel.c:813:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_131);
data/xmhtml-1.1.10/lib/Motif/textsel.c:816:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_132);
data/xmhtml-1.1.10/lib/Motif/textsel.c:819:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_133);
data/xmhtml-1.1.10/lib/Motif/textsel.c:822:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_134);
data/xmhtml-1.1.10/lib/Motif/textsel.c:825:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_135);
data/xmhtml-1.1.10/lib/common/LZWStream.c:209:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(system(lzw->zCmd))
data/xmhtml-1.1.10/lib/common/LZWStream.c:211:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%sCouldn't exec '%s'.", err_str,
data/xmhtml-1.1.10/lib/common/LZWStream.c:222:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%sCouldn't open uncompress file '%s'. "
data/xmhtml-1.1.10/lib/common/LZWStream.c:735:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%sno read functions attached!", err_str);
data/xmhtml-1.1.10/lib/common/LZWStream.c:779:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%scouldn't open temporary file '%s'.",
data/xmhtml-1.1.10/lib/common/LZWStream.c:790:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%scouldn't read GIF codesize.", err_str);
data/xmhtml-1.1.10/lib/common/LZWStream.c:816:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%scorrupt raster data: bad GIF codesize (%i).",
data/xmhtml-1.1.10/lib/common/LZWStream.c:854:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lzw->zCmd, zCmd != NULL ? zCmd : "uncompress");
data/xmhtml-1.1.10/lib/common/LZWStream.c:956:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg_buf, "%szero-length data file.", err_str);
data/xmhtml-1.1.10/lib/common/StringUtil.c:227:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret_val, s1);
data/xmhtml-1.1.10/lib/common/colors.c:338:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(color, html_32_color_values[i]);
data/xmhtml-1.1.10/lib/common/debug.c:166:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(fp, fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:164:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(loc, "\n (%s, %s, line %i)\n", module, routine, line);
data/xmhtml-1.1.10/lib/common/error.c:169:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, err_fmt, TkaWidgetName(w), TkaWidgetClassName(w));
data/xmhtml-1.1.10/lib/common/error.c:170:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf+strlen(buf), fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:173:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, loc);
data/xmhtml-1.1.10/lib/common/error.c:181:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:184:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, loc);
data/xmhtml-1.1.10/lib/common/error.c:252:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(loc, "\n (%s, %s, line %i)\n", module, routine, line);
data/xmhtml-1.1.10/lib/common/error.c:257:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, err_fmt, TkaWidgetName(w), TkaWidgetClassName(w));
data/xmhtml-1.1.10/lib/common/error.c:259:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf+strlen(buf), fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:262:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, loc);
data/xmhtml-1.1.10/lib/common/error.c:266:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, authors);
data/xmhtml-1.1.10/lib/common/error.c:271:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:274:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, loc);
data/xmhtml-1.1.10/lib/common/error.c:278:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, authors);
data/xmhtml-1.1.10/lib/common/error.c:303:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "\n Name: %s\n Class: %s\n "
data/xmhtml-1.1.10/lib/common/error.c:311:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "cannot continue: %s failed for %i bytes.\n"
data/xmhtml-1.1.10/lib/common/fonts.c:410:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
namelen += sprintf(fontbuf, "-%s-%s-%s-%s-%s-*-*-%i-%i-%i-%s-*-%s",
data/xmhtml-1.1.10/lib/common/fonts.c:421:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(new_name, fontbuf);
data/xmhtml-1.1.10/lib/common/fonts.c:424:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(privbuf, "%s-%s-%s-%s", (foundry != NULL ? foundry : fndry),
data/xmhtml-1.1.10/lib/common/fonts.c:428:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fam_return, privbuf);
data/xmhtml-1.1.10/lib/common/fonts.c:1274:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(font_mapping, fontname);
data/xmhtml-1.1.10/lib/common/fonts.c:1298:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(font_mapping, fontname);
data/xmhtml-1.1.10/lib/common/fonts.c:1359:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(font_mapping, fontname);
data/xmhtml-1.1.10/lib/common/fonts.c:1382:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(font_mapping, fontname);
data/xmhtml-1.1.10/lib/common/fonts.c:2039:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(all_faces, face);
data/xmhtml-1.1.10/lib/common/format.c:1195:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s.", ToAsciiLower(list_stack[i].level));
data/xmhtml-1.1.10/lib/common/format.c:1198:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s.", ToAsciiUpper(list_stack[i].level));
data/xmhtml-1.1.10/lib/common/format.c:1201:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s.", ToRomanLower(list_stack[i].level));
data/xmhtml-1.1.10/lib/common/format.c:1204:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s.", ToRomanUpper(list_stack[i].level));
data/xmhtml-1.1.10/lib/common/format.c:1214:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(index, number);
data/xmhtml-1.1.10/lib/common/format.c:1977:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s%s.", prefix,
data/xmhtml-1.1.10/lib/common/format.c:1981:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s%s.", prefix,
data/xmhtml-1.1.10/lib/common/format.c:1985:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s%s.", prefix,
data/xmhtml-1.1.10/lib/common/format.c:1989:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s%s.", prefix,
data/xmhtml-1.1.10/lib/common/format.c:1994:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(number, "%s%i.", prefix, owner->list_level);
data/xmhtml-1.1.10/lib/common/format.c:2185:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "src=\"%s\"", chPtr);
data/xmhtml-1.1.10/lib/common/format.c:4626:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(data, temp->element);
data/xmhtml-1.1.10/lib/common/images.c:2315:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xbm, "%s.%i.xbm", &image->url[i+1], num);
data/xmhtml-1.1.10/lib/common/images.c:2318:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(xbm, "%s.%i.xbm", image->url, num);
data/xmhtml-1.1.10/lib/common/images.c:2915:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s: processing alpha channel", image->url);
data/xmhtml-1.1.10/lib/common/images.c:3965:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "src=\"%s\"", url);
data/xmhtml-1.1.10/lib/common/images.c:4406:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(attributes, fmt, icon->escape, index, icon->icon->width,
data/xmhtml-1.1.10/lib/common/parse.c:236:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(parser_debug) { printf MSG ; fflush(stdout); } \
data/xmhtml-1.1.10/lib/common/parse.c:1648:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(element->attributes, "src=\"%s\" "
data/xmhtml-1.1.10/lib/common/parse.c:1853:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy->element, src->element);
data/xmhtml-1.1.10/lib/common/parse.c:1859:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(©->element[len+1], src->attributes);
data/xmhtml-1.1.10/lib/common/parse.c:1907:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s <", XMHTML_MSG_122);
data/xmhtml-1.1.10/lib/common/parse.c:1919:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg, XMHTML_MSG_123, html_tokens[id], html_tokens[current]);
data/xmhtml-1.1.10/lib/common/parse.c:1925:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg, XMHTML_MSG_124, html_tokens[id]);
data/xmhtml-1.1.10/lib/common/parse.c:1931:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg, XMHTML_MSG_125, html_tokens[id], html_tokens[current]);
data/xmhtml-1.1.10/lib/common/parse.c:1937:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg, XMHTML_MSG_126, html_tokens[id]);
data/xmhtml-1.1.10/lib/common/parse.c:1943:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg, XMHTML_MSG_127, html_tokens[id]);
data/xmhtml-1.1.10/lib/common/parse.c:1949:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg, XMHTML_MSG_128, html_tokens[id], html_tokens[current]);
data/xmhtml-1.1.10/lib/common/parse.c:1952:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s", XMHTML_MSG_129); /* "%s" is a workaround for false positive of -Werror=format-security */
data/xmhtml-1.1.10/lib/common/parse.c:1960:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, XMHTML_MSG_130);
data/xmhtml-1.1.10/lib/common/parse.c:3001:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s.%i", prefix, count);
data/xmhtml-1.1.10/lib/common/parse.c:3094:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s.%i.html", prefix, count);
data/xmhtml-1.1.10/lib/common/parse.c:3892:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(tmpPtr, content_image, parser->source);
data/xmhtml-1.1.10/lib/common/parse.c:4285:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chPtr, html_tokens[tmp->id]);
data/xmhtml-1.1.10/lib/common/parse.c:4292:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chPtr, tmp->attributes);
data/xmhtml-1.1.10/lib/common/parse.c:4299:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(chPtr, tmp->element);
data/xmhtml-1.1.10/lib/common/parse.c:4442:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret_val, s1);
data/xmhtml-1.1.10/lib/common/parse.c:4519:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, arg_list);
data/xmhtml-1.1.10/lib/common/psoutput.c:410:8: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(dpy->string + dpy->len, format, args);
data/xmhtml-1.1.10/lib/common/psoutput.c:569:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fstr, "%s %d SF", fstyle, font->ptsize);
data/xmhtml-1.1.10/lib/common/psoutput.c:574:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dpy->font_style, fstyle);
data/xmhtml-1.1.10/lib/common/readBitmap.c:197:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line, "#define %s %d", name_and_type, &value) == 2)
data/xmhtml-1.1.10/lib/common/readBitmap.c:209:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(((sscanf(line, "static short %s = {", name_and_type)) == 1) ||
data/xmhtml-1.1.10/lib/common/readBitmap.c:210:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
((sscanf(line,"static char * %s = {", name_and_type)) == 1))
data/xmhtml-1.1.10/lib/common/readBitmap.c:217:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line,"static char %s = [",name_and_type) == 1)
data/xmhtml-1.1.10/lib/common/readBitmap.c:416:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line, "#define %s %d", name_and_type, &value) == 2)
data/xmhtml-1.1.10/lib/common/readBitmap.c:428:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(((sscanf(line, "static short %s = {", name_and_type)) == 1) ||
data/xmhtml-1.1.10/lib/common/readBitmap.c:429:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
((sscanf(line,"static char * %s = {", name_and_type)) == 1))
data/xmhtml-1.1.10/lib/common/readBitmap.c:437:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line,"static char %s = [",name_and_type) == 1)
data/xmhtml-1.1.10/lib/compat/regex.c:479:36: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT1(x) if (debug) printf (x)
data/xmhtml-1.1.10/lib/compat/regex.c:480:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT2(x1, x2) if (debug) printf (x1, x2)
data/xmhtml-1.1.10/lib/compat/regex.c:481:45: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT3(x1, x2, x3) if (debug) printf (x1, x2, x3)
data/xmhtml-1.1.10/lib/compat/regex.c:482:49: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT4(x1, x2, x3, x4) if (debug) printf (x1, x2, x3, x4)
data/xmhtml-1.1.10/lib/compat/regex.c:4737:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errbuf, msg);
data/xmhtml-1.1.10/lib/gtk/forms.c:289:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(passwd, entry->content);
data/xmhtml-1.1.10/lib/gtk/getps.c:288:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret_val, buf);
data/xmhtml-1.1.10/lib/gtk/output.c:743:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret_val, buf);
data/xmhtml-1.1.10/lib/gtk/textsel.c:813:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_131);
data/xmhtml-1.1.10/lib/gtk/textsel.c:816:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_132);
data/xmhtml-1.1.10/lib/gtk/textsel.c:819:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_133);
data/xmhtml-1.1.10/lib/gtk/textsel.c:822:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_134);
data/xmhtml-1.1.10/lib/gtk/textsel.c:825:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(err_buf, XMHTML_MSG_135);
data/xmhtml-1.1.10/tools/gif2gzf.c:116:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, lzw->err_msg);
data/xmhtml-1.1.10/tools/gif2gzf.c:127:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, lzw->err_msg);
data/xmhtml-1.1.10/tools/gifinfo.c:575:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(argv[1], R_OK))
data/xmhtml-1.1.10/tools/httpget.c:148:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%i.http_get", tmp,
data/xmhtml-1.1.10/tools/httpget.c:322:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(req->url, url);
data/xmhtml-1.1.10/tools/httpget.c:349:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s: %s", req->url,
data/xmhtml-1.1.10/tools/httpget.c:365:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "Can't open temporary file %s for reading: %s",
data/xmhtml-1.1.10/tools/mkStrings.c:170:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(chead, app_name, "Strings");
data/xmhtml-1.1.10/tools/mkStrings.c:194:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(hhead, app_name, app_name, app_name, "Strings", app_name);
data/xmhtml-1.1.10/tools/mkStrings.c:214:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,
data/xmhtml-1.1.10/tools/mkStrings.c:232:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg,
data/xmhtml-1.1.10/tools/mkStrings.c:246:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outbuf, msg);
data/xmhtml-1.1.10/tools/mkStrings.c:254:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(closure, app_name, app_name, "Strings");
data/xmhtml-1.1.10/tools/mkStrings.c:306:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(chead, app_name, "Messages");
data/xmhtml-1.1.10/tools/mkStrings.c:340:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(hhead, app_name, app_name, app_name, "Messages",
data/xmhtml-1.1.10/tools/mkStrings.c:356:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "# define %s_MSG_%i ((char *)&_%sMessages[%i])\n",
data/xmhtml-1.1.10/tools/mkStrings.c:367:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outbuf, msg);
data/xmhtml-1.1.10/tools/mkStrings.c:374:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(closure, app_name, app_name, "Messages");
data/xmhtml-1.1.10/contrib/example_5.c:3697:5: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
getwd((char*)(paths[0]));
data/xmhtml-1.1.10/examples/example_2.c:5539:2: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
getwd((char*)(paths[0]));
data/xmhtml-1.1.10/lib/common/LZWStream.c:722:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *chPtr = getenv("LZW_DEBUG");
data/xmhtml-1.1.10/lib/common/LZWStream.c:773:2: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
tmpnam(lzw->zName);
data/xmhtml-1.1.10/tools/httpget.c:143:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((tmp = getenv("TMP")) == NULL)
data/xmhtml-1.1.10/tools/httpget.c:144:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((tmp = getenv("TMPDIR")) == NULL)
data/xmhtml-1.1.10/tools/httpget.c:145:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((tmp = getenv("TEMP")) == NULL)
data/xmhtml-1.1.10/tools/httpget.c:146:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if((tmp = getenv("TEMPDIR")) == NULL)
data/xmhtml-1.1.10/book/html_browser.c:171:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(file = fopen(filename, "r")) || !(mime = mimeType(filename, file)))
data/xmhtml-1.1.10/book/html_browser.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/xmhtml-1.1.10/contrib/example_5.c:233:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char default_font[128], current_font[128];
data/xmhtml-1.1.10/contrib/example_5.c:234:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char default_charset[128], current_charset[128];
data/xmhtml-1.1.10/contrib/example_5.c:334:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<html><body>\n");
data/xmhtml-1.1.10/contrib/example_5.c:351:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "\n</body></html>\n");
data/xmhtml-1.1.10/contrib/example_5.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/contrib/example_5.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/xmhtml-1.1.10/contrib/example_5.c:517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_file[1024];
data/xmhtml-1.1.10/contrib/example_5.c:587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024], pname[1024];
data/xmhtml-1.1.10/contrib/example_5.c:654:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/xmhtml-1.1.10/contrib/example_5.c:657:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(file, "r")) == NULL)
data/xmhtml-1.1.10/contrib/example_5.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/contrib/example_5.c:709:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(filename, "r")) == NULL)
data/xmhtml-1.1.10/contrib/example_5.c:719:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/contrib/example_5.c:941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[128], pname[1024];
data/xmhtml-1.1.10/contrib/example_5.c:1266:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(filename, "w")) == NULL)
data/xmhtml-1.1.10/contrib/example_5.c:1286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/xmhtml-1.1.10/contrib/example_5.c:1356:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/xmhtml-1.1.10/contrib/example_5.c:1761:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char this_set[128];
data/xmhtml-1.1.10/contrib/example_5.c:1797:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(this_set, "-*");
data/xmhtml-1.1.10/contrib/example_5.c:1874:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_font[128];
data/xmhtml-1.1.10/contrib/example_5.c:1962:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(current_font, "cronyx-times-*-*\0");
data/xmhtml-1.1.10/contrib/example_5.c:2266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char doc_label[128];
data/xmhtml-1.1.10/contrib/example_5.c:2318:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "HTML 3.2");
data/xmhtml-1.1.10/contrib/example_5.c:2323:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "Bad HTML 3.2");
data/xmhtml-1.1.10/contrib/example_5.c:2335:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "Verified");
data/xmhtml-1.1.10/contrib/example_5.c:2340:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "Unverified");
data/xmhtml-1.1.10/contrib/example_5.c:2473:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[51];
data/xmhtml-1.1.10/contrib/example_5.c:2517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[84]; /* max label width */
data/xmhtml-1.1.10/contrib/example_5.c:3185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)buffer, ib->buffer + stream->total_in, len);
data/xmhtml-1.1.10/contrib/example_5.c:3300:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/xmhtml-1.1.10/contrib/example_5.c:3301:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This document contains more than %i images,\n"
data/xmhtml-1.1.10/contrib/example_5.c:3350:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(filename, "r")) == NULL)
data/xmhtml-1.1.10/contrib/example_5.c:3470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[256];
data/xmhtml-1.1.10/contrib/gif_decode.c:68:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[280];
data/xmhtml-1.1.10/contrib/gif_decode.c:258:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lzw->buf[2], gstream->next_in, gstream->avail_in);
data/xmhtml-1.1.10/contrib/htmltest.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontfamily[512];
data/xmhtml-1.1.10/contrib/htmltest.c:207:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(fontfamily,"adobe-times-normal-*");
data/xmhtml-1.1.10/contrib/htmltest.c:209:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
} else strcpy(fontfamily,"adobe-times-normal-*");
data/xmhtml-1.1.10/contrib/htmltest.c:477:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infd=open(argv[2],O_RDONLY);
data/xmhtml-1.1.10/contrib/swallow2.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/xmhtml-1.1.10/examples/example_1.c:135:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(filename, "r")) == NULL)
data/xmhtml-1.1.10/examples/example_2.c:316:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char default_font[128], current_font[128];
data/xmhtml-1.1.10/examples/example_2.c:317:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char default_charset[128], current_charset[128];
data/xmhtml-1.1.10/examples/example_2.c:595:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/xmhtml-1.1.10/examples/example_2.c:625:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real_file[1024];
data/xmhtml-1.1.10/examples/example_2.c:695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024], pname[1024];
data/xmhtml-1.1.10/examples/example_2.c:922:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foo[128], pname[1024];
data/xmhtml-1.1.10/examples/example_2.c:1245:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(filename, "w")) == NULL)
data/xmhtml-1.1.10/examples/example_2.c:1542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/xmhtml-1.1.10/examples/example_2.c:1585:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "<html><body>\n");
data/xmhtml-1.1.10/examples/example_2.c:1602:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "\n</body></html>\n");
data/xmhtml-1.1.10/examples/example_2.c:1731:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/xmhtml-1.1.10/examples/example_2.c:2368:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char anchor_label[128];
data/xmhtml-1.1.10/examples/example_2.c:3125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char this_set[128];
data/xmhtml-1.1.10/examples/example_2.c:3167:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(this_set, "-*");
data/xmhtml-1.1.10/examples/example_2.c:3178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_font[128];
data/xmhtml-1.1.10/examples/example_2.c:3270:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(current_font, "cronyx-times-*-*\0");
data/xmhtml-1.1.10/examples/example_2.c:3328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char doc_label[128];
data/xmhtml-1.1.10/examples/example_2.c:3380:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "HTML 3.2");
data/xmhtml-1.1.10/examples/example_2.c:3385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "Bad HTML 3.2");
data/xmhtml-1.1.10/examples/example_2.c:3397:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "Verified");
data/xmhtml-1.1.10/examples/example_2.c:3402:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(doc_label, "Unverified");
data/xmhtml-1.1.10/examples/example_2.c:3562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/xmhtml-1.1.10/examples/example_2.c:3784:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i bytes", getInfoSize((XtPointer)info, NULL));
data/xmhtml-1.1.10/examples/example_2.c:3798:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%ix%i pixels (scaled from %ix%i)",
data/xmhtml-1.1.10/examples/example_2.c:3802:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%ix%i pixels", info->swidth,
data/xmhtml-1.1.10/examples/example_2.c:3812:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i (reduced from %i)", preview_image->ncolors,
data/xmhtml-1.1.10/examples/example_2.c:3815:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i", preview_image->ncolors);
data/xmhtml-1.1.10/examples/example_2.c:3817:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i", info->ncolors);
data/xmhtml-1.1.10/examples/example_2.c:3827:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i, Grayscale", info->depth);
data/xmhtml-1.1.10/examples/example_2.c:3830:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i, Indexed color", info->depth);
data/xmhtml-1.1.10/examples/example_2.c:3833:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i, TrueColor", info->depth);
data/xmhtml-1.1.10/examples/example_2.c:3836:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i", info->depth);
data/xmhtml-1.1.10/examples/example_2.c:3847:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "No");
data/xmhtml-1.1.10/examples/example_2.c:3850:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "Yes, using background substitution "
data/xmhtml-1.1.10/examples/example_2.c:3854:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "Yes, using alpha channel");
data/xmhtml-1.1.10/examples/example_2.c:3857:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "Unknown");
data/xmhtml-1.1.10/examples/example_2.c:3865:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i images cached (%i bytes)", nobjects, cache_size);
data/xmhtml-1.1.10/examples/example_2.c:3981:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[84]; /* max label width */
data/xmhtml-1.1.10/examples/example_2.c:4364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_url[1024];
data/xmhtml-1.1.10/examples/example_2.c:4404:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(filename, "r")) == NULL)
data/xmhtml-1.1.10/examples/example_2.c:4684:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)buffer, ib->buffer + stream->total_in, len);
data/xmhtml-1.1.10/examples/example_2.c:4767:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_url[1024];
data/xmhtml-1.1.10/examples/example_2.c:4807:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/xmhtml-1.1.10/examples/example_2.c:4808:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "This document contains more than %i images,\n"
data/xmhtml-1.1.10/examples/example_2.c:4856:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(filename, "r")) == NULL)
data/xmhtml-1.1.10/examples/example_2.c:4988:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[256];
data/xmhtml-1.1.10/examples/example_2.c:5168:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
html_config[OPTIONS_TABWIDTH].value = (Boolean)atoi(buf);
data/xmhtml-1.1.10/examples/example_2.c:5188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/xmhtml-1.1.10/examples/example_2.c:5205:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%i", html_config[OPTIONS_TABWIDTH].value);
data/xmhtml-1.1.10/examples/example_2.c:5410:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((animation_timeout= atoi(argv[i])) < 50)
data/xmhtml-1.1.10/examples/example_2.c:5466:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((progressive_data_skip = atoi(argv[i])) <= 0)
data/xmhtml-1.1.10/examples/example_2.c:5486:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((progressive_data_inc = atoi(argv[i])) <= 0)
data/xmhtml-1.1.10/examples/example_4.c:152:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen(filename, "r")) == NULL) {
data/xmhtml-1.1.10/examples/example_4.c:326:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/xmhtml-1.1.10/examples/example_4.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[1024];
data/xmhtml-1.1.10/examples/menu.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char menu_name[512];
data/xmhtml-1.1.10/examples/menu.c:108:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(menu_name, "_Option");
data/xmhtml-1.1.10/examples/menu.c:112:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(menu_name, "_Popup");
data/xmhtml-1.1.10/examples/menu.c:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char menu_name[512];
data/xmhtml-1.1.10/examples/menu.c:241:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(menu_name, "_Option");
data/xmhtml-1.1.10/examples/menu.c:245:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(menu_name, "_Popup");
data/xmhtml-1.1.10/examples/misc.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldPathname[MAXPATHLEN+1], wd[MAXPATHLEN+1];
data/xmhtml-1.1.10/examples/misc.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/examples/misc.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/xmhtml-1.1.10/examples/misc.c:449:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(file, "r")) == NULL)
data/xmhtml-1.1.10/examples/misc.c:494:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[51];
data/xmhtml-1.1.10/examples/misc.c:538:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/examples/misc.c:541:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(filename, "r")) == NULL)
data/xmhtml-1.1.10/http/HTTP.c:227:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&name.sin_addr, server->h_addr, server->h_length);
data/xmhtml-1.1.10/http/HTTP.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&name.sin_addr.s_addr, server->h_addr, server->h_length);
data/xmhtml-1.1.10/http/HTTP.c:543:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(res->headers[i].value);
data/xmhtml-1.1.10/http/HTTP.c:546:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) request->out_data, res->data, len);
data/xmhtml-1.1.10/http/HTTP.c:555:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen((char *) request->in_data, "w")) == NULL)
data/xmhtml-1.1.10/http/HTTP.c:566:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(res->headers[i].value);
data/xmhtml-1.1.10/http/HTTP.c:594:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen((char *) request->in_data, "w")) == NULL)
data/xmhtml-1.1.10/http/HTTP.c:824:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
len = atoi(res->headers[res->num_headers].value);
data/xmhtml-1.1.10/http/HTTP.c:835:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) res->data, &buf[i + 4], len);
data/xmhtml-1.1.10/http/HTTP.c:855:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char allow[97] =
data/xmhtml-1.1.10/http/HTTP.c:1174:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*port = atoi(tmp);
data/xmhtml-1.1.10/http/HTTP.c:1207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_url[1024];
data/xmhtml-1.1.10/http/HTTP.c:1233:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(new_url, "localhost");
data/xmhtml-1.1.10/http/cookie.c:229:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) != NULL) {
data/xmhtml-1.1.10/http/cookie.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4097]; /* the maximum length of a cookie as defined by the spec. */
data/xmhtml-1.1.10/http/cookie.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain[128];
data/xmhtml-1.1.10/http/cookie.c:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char allInDomain[128];
data/xmhtml-1.1.10/http/cookie.c:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[128];
data/xmhtml-1.1.10/http/cookie.c:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secure[128];
data/xmhtml-1.1.10/http/cookie.c:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/xmhtml-1.1.10/http/cookie.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[128];
data/xmhtml-1.1.10/http/cookie.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[128];
data/xmhtml-1.1.10/http/cookie.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commentURL[128];
data/xmhtml-1.1.10/http/cookie.c:242:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[128];
data/xmhtml-1.1.10/http/cookie.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpHost[128];
data/xmhtml-1.1.10/http/cookie.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cookie[4097]; /* max length of a cookie */
data/xmhtml-1.1.10/http/cookie.c:435:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cookie,"Cookie2: $VERSION=\"1\"\r\nCookie: $VERSION=\"%d\"; ",cookieList->cookie->version);
data/xmhtml-1.1.10/http/cookie.c:437:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cookie,"Cookie: $VERSION=\"%d\"; ",cookieList->cookie->version);
data/xmhtml-1.1.10/http/cookie.c:447:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cookie, "$Path");
data/xmhtml-1.1.10/http/cookie.c:454:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cookie, "$Domain");
data/xmhtml-1.1.10/http/cookie.c:465:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cookie, "\r\n");
data/xmhtml-1.1.10/http/cookie.c:525:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (fp=fopen(cache->filename, "w") ) != NULL ) {
data/xmhtml-1.1.10/http/cookie.c:648:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[128];
data/xmhtml-1.1.10/http/cookie.c:657:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int j = atoi(value);
data/xmhtml-1.1.10/http/cookie.c:671:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cLP->cookie->version = atoi(value);
data/xmhtml-1.1.10/http/cookie.c:680:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[128];
data/xmhtml-1.1.10/http/cookie.c:708:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day[16],month[3];
data/xmhtml-1.1.10/http/cookie.c:790:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) & (c1->cookies[c1->ncookies]),
data/xmhtml-1.1.10/include/XmHTML/HTML.h:1033:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[24]; /* reserved for future use */
data/xmhtml-1.1.10/include/XmHTML/XmHTMLP.h:1373:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[60]; /* reserved for future use */
data/xmhtml-1.1.10/include/common/LZWStream.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zCmd[256]; /* uncompress command */
data/xmhtml-1.1.10/include/common/LZWStream.h:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char accum[BUFFERSIZE]; /* buffered output */
data/xmhtml-1.1.10/include/common/LZWStream.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[280]; /* input buffer */
data/xmhtml-1.1.10/include/common/LZWStream.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outBuf[16]; /* compress output buffer */
data/xmhtml-1.1.10/include/gtk-xmhtml/HTML.h:979:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[24]; /* reserved for future use */
data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-html.h:909:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[24]; /* reserved for future use */
data/xmhtml-1.1.10/include/gtk-xmhtml/gtk-xmhtml-p.h:994:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[60]; /* reserved for future use */
data/xmhtml-1.1.10/lib/Motif/XCC.c:1613:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((char*)&defs[i], (char*)&defs[close], sizeof(XColor));
data/xmhtml-1.1.10/lib/Motif/XCC.c:1780:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((char*)&defs[i], (char*)&cmap[close],
data/xmhtml-1.1.10/lib/Motif/XCC.c:1850:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((char*)&defs[i], (char*)&defs[close], sizeof(XColor));
data/xmhtml-1.1.10/lib/Motif/XmHTML.c:3308:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/Motif/XmHTML.c:3359:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/Motif/XmHTML.c:3410:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/Motif/XmHTML.c:3463:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/Motif/XmHTML.c:3511:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/Motif/XmHTML.c:3583:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/Motif/XmImage.c:151:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->data = (Byte*)memcpy(copy->data, src->data, size);
data/xmhtml-1.1.10/lib/Motif/XmImage.c:155:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->clip = (Byte*)memcpy(copy->clip, src->clip, size);
data/xmhtml-1.1.10/lib/Motif/XmImage.c:163:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->reds = (Dimension*)memcpy(copy->reds, src->reds, size);
data/xmhtml-1.1.10/lib/Motif/XmImage.c:171:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->reds = (Dimension*)memcpy(copy->reds, src->reds, size);
data/xmhtml-1.1.10/lib/Motif/XmImage.c:173:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->greens = (Dimension*)memcpy(copy->greens, src->greens, size);
data/xmhtml-1.1.10/lib/Motif/XmImage.c:175:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->blues = (Dimension*)memcpy(copy->blues, src->blues, size);
data/xmhtml-1.1.10/lib/Motif/forms.c:1158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[32]; /* 2^32 possible entries...*/
data/xmhtml-1.1.10/lib/Motif/forms.c:1159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dummy, "%i", entry->maxlength);
data/xmhtml-1.1.10/lib/Motif/forms.c:1755:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xname, current_entry->name,
data/xmhtml-1.1.10/lib/Motif/forms.c:1757:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yname, current_entry->name,
data/xmhtml-1.1.10/lib/Motif/forms.c:1759:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(xname,".x");
data/xmhtml-1.1.10/lib/Motif/forms.c:1760:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(yname,".y");
data/xmhtml-1.1.10/lib/Motif/forms.c:1761:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x,"%d", event->xbutton.x - entry->data->x);
data/xmhtml-1.1.10/lib/Motif/forms.c:1762:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(y,"%d", event->xbutton.y - entry->data->y);
data/xmhtml-1.1.10/lib/Motif/forms.c:2441:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/xmhtml-1.1.10/lib/Motif/forms.c:2444:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "form-clipmask.%i.xbm", num);
data/xmhtml-1.1.10/lib/Motif/frames.c:272:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
list->sizes[i++] = atoi(ptr);
data/xmhtml-1.1.10/lib/Motif/frames.c:298:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
list->border = atoi(chPtr);
data/xmhtml-1.1.10/lib/Motif/frames.c:355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/xmhtml-1.1.10/lib/Motif/frames.c:356:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "_frame%i", current_frame);
data/xmhtml-1.1.10/lib/Motif/motif.c:728:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)tka_ret, tka, sizeof(ToolkitAbstraction));
data/xmhtml-1.1.10/lib/Motif/output.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)pout, (const void*)pdef, sizeof(XmHTMLPaperSize));
data/xmhtml-1.1.10/lib/Motif/output.c:395:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[k].word,
data/xmhtml-1.1.10/lib/Motif/output.c:412:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[i].word, words[i].len);
data/xmhtml-1.1.10/lib/Motif/output.c:453:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[i].word, words[i].len);
data/xmhtml-1.1.10/lib/Motif/plc.c:219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(plc->buffer + plc->left, plc->input_buffer, status);
data/xmhtml-1.1.10/lib/Motif/plc.c:355:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = (Byte*)memcpy(buf, plc->next_in, len);
data/xmhtml-1.1.10/lib/Motif/plc.c:1084:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(magic, plc->buffer, 10);
data/xmhtml-1.1.10/lib/Motif/plc.c:1806:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
info->reds = (Dimension*)memcpy(info->reds, reds,
data/xmhtml-1.1.10/lib/Motif/plc.c:1808:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
info->greens = (Dimension*)memcpy(info->greens, greens,
data/xmhtml-1.1.10/lib/Motif/plc.c:1810:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
info->blues = (Dimension*)memcpy(info->blues, blues,
data/xmhtml-1.1.10/lib/Motif/textsel.c:320:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[k].word,
data/xmhtml-1.1.10/lib/Motif/textsel.c:348:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[i].word, words[i].len);
data/xmhtml-1.1.10/lib/common/LZWStream.c:133:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg_buf[1024];
data/xmhtml-1.1.10/lib/common/LZWStream.c:220:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((lzw->zPipe = fopen(lzw->zName, "r")) == NULL)
data/xmhtml-1.1.10/lib/common/LZWStream.c:774:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lzw->zName, ".Z");
data/xmhtml-1.1.10/lib/common/LZWStream.c:777:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!(lzw->f = fopen(lzw->zName, "w")))
data/xmhtml-1.1.10/lib/common/LZWStream.c:855:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(lzw->zCmd, " ");
data/xmhtml-1.1.10/lib/common/StringUtil.c:255:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
ret = (char*)memcpy(ret, s1, len);
data/xmhtml-1.1.10/lib/common/StringUtil.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[32];
data/xmhtml-1.1.10/lib/common/StringUtil.c:343:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[32]; /* return buffer */
data/xmhtml-1.1.10/lib/common/StringUtil.c:376:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[48], *p, *q;
data/xmhtml-1.1.10/lib/common/StringUtil.c:379:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%i", val);
data/xmhtml-1.1.10/lib/common/StringUtil.c:549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/xmhtml-1.1.10/lib/common/StringUtil.c:618:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_char = (char)atoi(*escape); /* get corresponding char */
data/xmhtml-1.1.10/lib/common/StringUtil.c:827:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_val = atoi(chPtr);
data/xmhtml-1.1.10/lib/common/StringUtil.c:860:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_val = -1*atoi(chPtr);
data/xmhtml-1.1.10/lib/common/StringUtil.c:862:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret_val = atoi(chPtr);
data/xmhtml-1.1.10/lib/common/debug.c:247:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(chPtr);
data/xmhtml-1.1.10/lib/common/debug.c:298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/xmhtml-1.1.10/lib/common/debug.c:310:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%i.out", (int)getpid());
data/xmhtml-1.1.10/lib/common/debug.c:317:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((__rsd_debug_file = fopen(tmp, "w")) != NULL)
data/xmhtml-1.1.10/lib/common/error.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[640];
data/xmhtml-1.1.10/lib/common/error.c:91:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char loc[128];
data/xmhtml-1.1.10/lib/common/error.c:93:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/xmhtml-1.1.10/lib/common/events.c:259:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
events_return = (AllEvents*)memcpy(events_return, (const void*)&events,
data/xmhtml-1.1.10/lib/common/events.c:345:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
events_return = (AllEvents*)memcpy(events_return,
data/xmhtml-1.1.10/lib/common/events.c:417:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
events_return = (AllEvents*)memcpy(events_return,
data/xmhtml-1.1.10/lib/common/fonts.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontbuf[1024], privbuf[1024];
data/xmhtml-1.1.10/lib/common/fonts.c:568:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map, font, sizeof(XmHTMLfont));
data/xmhtml-1.1.10/lib/common/fonts.c:1209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontfamily[1024], font_mapping[1024];
data/xmhtml-1.1.10/lib/common/fonts.c:1457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontfamily[1024];
data/xmhtml-1.1.10/lib/common/fonts.c:1551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_list[64];
data/xmhtml-1.1.10/lib/common/fonts.c:1581:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((xmhtml_fn_sizes[i] = 10*atoi(chPtr)) == 0)
data/xmhtml-1.1.10/lib/common/fonts.c:1608:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((xmhtml_fn_fixed_sizes[i] = 10*atoi(chPtr)) == 0)
data/xmhtml-1.1.10/lib/common/fonts.c:2040:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(all_faces, ",\0");
data/xmhtml-1.1.10/lib/common/format.c:1183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index[128], number[128]; /* enough for a zillion numbers & depths */
data/xmhtml-1.1.10/lib/common/format.c:1208:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%i.", list_stack[i].level);
data/xmhtml-1.1.10/lib/common/format.c:1940:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[128]; /* large enough buffer for a zillion numbers */
data/xmhtml-1.1.10/lib/common/format.c:2101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prop, parent, sizeof(TableProperties));
data/xmhtml-1.1.10/lib/common/format.c:3622:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int f_inc = atoi(chPtr);
data/xmhtml-1.1.10/lib/common/format.c:4120:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
element->len = atoi(chPtr);
data/xmhtml-1.1.10/lib/common/format.c:4904:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[7];
data/xmhtml-1.1.10/lib/common/images.c:1908:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&used, global_used, XmHTML_MAX_IMAGE_COLORS*sizeof(int));
data/xmhtml-1.1.10/lib/common/images.c:1983:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(img_data->cmap, master->cmap,
data/xmhtml-1.1.10/lib/common/images.c:2046:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(global_used, &used, XmHTML_MAX_IMAGE_COLORS*sizeof(int));
data/xmhtml-1.1.10/lib/common/images.c:2307:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbm[1024];
data/xmhtml-1.1.10/lib/common/images.c:2642:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(file, "r")) == NULL)
data/xmhtml-1.1.10/lib/common/images.c:2911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/xmhtml-1.1.10/lib/common/images.c:3188:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(magic, ib->buffer, 30);
data/xmhtml-1.1.10/lib/common/layout.c:3989:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&box, parent, sizeof(PositionBox));
data/xmhtml-1.1.10/lib/common/layout.c:3990:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&box_return, parent, sizeof(PositionBox));
data/xmhtml-1.1.10/lib/common/layout.c:4297:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((out = fopen(file, "w")) == NULL)
data/xmhtml-1.1.10/lib/common/layout.c:4410:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((out = fopen(file, "w")) == NULL)
data/xmhtml-1.1.10/lib/common/map.c:275:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coords[num] = atoi(tmp);
data/xmhtml-1.1.10/lib/common/map.c:361:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coords[num++] = atoi(tmp);
data/xmhtml-1.1.10/lib/common/object.c:186:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
attr->height = checked_tags[10] ? atoi(checked_tags[10]) : 0;
data/xmhtml-1.1.10/lib/common/object.c:187:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
attr->width = checked_tags[11] ? atoi(checked_tags[11]) : 0;
data/xmhtml-1.1.10/lib/common/object.c:188:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
attr->border = checked_tags[12] ? atoi(checked_tags[12]) : 0;
data/xmhtml-1.1.10/lib/common/object.c:189:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
attr->hspace = checked_tags[13] ? atoi(checked_tags[13]) : 0;
data/xmhtml-1.1.10/lib/common/object.c:190:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
attr->vspace = checked_tags[14] ? atoi(checked_tags[14]) : 0;
data/xmhtml-1.1.10/lib/common/parse.c:1739:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outPtr, inPtr, (ptr+1) - inPtr);
data/xmhtml-1.1.10/lib/common/parse.c:1885:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[256];
data/xmhtml-1.1.10/lib/common/parse.c:1912:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, ">.");
data/xmhtml-1.1.10/lib/common/parse.c:1959:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, "\n ");
data/xmhtml-1.1.10/lib/common/parse.c:2992:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/xmhtml-1.1.10/lib/common/parse.c:3004:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(name, "w")) == NULL)
data/xmhtml-1.1.10/lib/common/parse.c:3086:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/xmhtml-1.1.10/lib/common/parse.c:3097:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file = fopen(name, "w")) == NULL)
data/xmhtml-1.1.10/lib/common/parse.c:3294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[16], *ptr; \
data/xmhtml-1.1.10/lib/common/parse.c:4494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/lib/common/parse.c:4510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xmhtml-1.1.10/lib/common/psoutput.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char font_style[3]; /* PS font macro name, "RF", etc. */
data/xmhtml-1.1.10/lib/common/psoutput.c:513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fstyle[3];
data/xmhtml-1.1.10/lib/common/psoutput.c:514:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fstr[25]="\0";
data/xmhtml-1.1.10/lib/common/psoutput.c:1161:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[256], pix;
data/xmhtml-1.1.10/lib/common/psoutput.c:2301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&dpy->screen, pdef, sizeof(XmHTMLPaperSize));
data/xmhtml-1.1.10/lib/common/public.c:1922:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(chPtr, image->url, strlen(image->url));
data/xmhtml-1.1.10/lib/common/public.c:1944:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(chPtr, anchor->href, strlen(anchor->href));
data/xmhtml-1.1.10/lib/common/quantize.c:1321:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(img_data->cmap, xcc->palette, xcc->num_palette*sizeof(XCOLOR));
data/xmhtml-1.1.10/lib/common/readBitmap.c:136:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(buf, ib->buffer + ib->next, len);
data/xmhtml-1.1.10/lib/common/readBitmap.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE], name_and_type[MAX_LINE], *t;
data/xmhtml-1.1.10/lib/common/readBitmap.c:330:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(buf, xbm->buffer + xbm->buf_pos, len);
data/xmhtml-1.1.10/lib/common/readBitmap.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE], name_and_type[MAX_LINE], *t;
data/xmhtml-1.1.10/lib/common/readBitmap.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE];
data/xmhtml-1.1.10/lib/common/readGIF.c:199:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ib->buffer + ib->next, len);
data/xmhtml-1.1.10/lib/common/readGIF.c:243:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/xmhtml-1.1.10/lib/common/readGIF.c:921:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/xmhtml-1.1.10/lib/common/readGIF.c:1412:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(file, "w")) == NULL)
data/xmhtml-1.1.10/lib/common/readGIF.c:1422:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)buf, "GZF87a");
data/xmhtml-1.1.10/lib/common/readGIF.c:1428:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)buf, "GZF89a");
data/xmhtml-1.1.10/lib/common/readGIF.c:1600:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(outfile, "r");
data/xmhtml-1.1.10/lib/common/readGIFplc.c:445:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(gif->ib.buffer + gif->ib.size,
data/xmhtml-1.1.10/lib/common/readGIFplc.c:850:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/xmhtml-1.1.10/lib/common/readJPEGplc.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[JMSG_LENGTH_MAX];
data/xmhtml-1.1.10/lib/common/readPNG.c:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ib->buffer + ib->next, size);
data/xmhtml-1.1.10/lib/common/readPNG.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[128];
data/xmhtml-1.1.10/lib/common/readPNG.c:324:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "PNG_COLOR_TYPE_PALETTE: %i colors reported "
data/xmhtml-1.1.10/lib/common/readPNG.c:476:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "bad PNG image: unknown color type (%d)",
data/xmhtml-1.1.10/lib/compat/regex.c:65:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#ifndef bcopy
data/xmhtml-1.1.10/lib/compat/regex.c:66:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(s, d, n) memcpy ((d), (s), (n))
data/xmhtml-1.1.10/lib/compat/regex.c:66:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(s, d, n) memcpy ((d), (s), (n))
data/xmhtml-1.1.10/lib/compat/regex.c:100:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char re_syntax_table[CHAR_SET_SIZE];
data/xmhtml-1.1.10/lib/compat/regex.c:221:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (source, destination, osize), \
data/xmhtml-1.1.10/lib/compat/regex.c:1408:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[CHAR_CLASS_MAX_LENGTH + 1];
data/xmhtml-1.1.10/lib/compat/regex.c:2169:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
range_start = ((unsigned char *) p)[-2];
data/xmhtml-1.1.10/lib/compat/regex.c:2170:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
range_end = ((unsigned char *) p)[0];
data/xmhtml-1.1.10/lib/compat/regex.c:4518:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (char *) re_error_msg[(int) ret];
data/xmhtml-1.1.10/lib/gtk/XmHTML.c:3646:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/gtk/XmHTML.c:3697:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/gtk/XmHTML.c:3748:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/gtk/XmHTML.c:3801:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/gtk/XmHTML.c:3849:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/gtk/XmHTML.c:3921:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which = atoi(params[0]);
data/xmhtml-1.1.10/lib/gtk/XmImage.c:151:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->data = (Byte*)memcpy(copy->data, src->data, size);
data/xmhtml-1.1.10/lib/gtk/XmImage.c:155:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->clip = (Byte*)memcpy(copy->clip, src->clip, size);
data/xmhtml-1.1.10/lib/gtk/XmImage.c:163:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->reds = (Dimension*)memcpy(copy->reds, src->reds, size);
data/xmhtml-1.1.10/lib/gtk/XmImage.c:171:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->reds = (Dimension*)memcpy(copy->reds, src->reds, size);
data/xmhtml-1.1.10/lib/gtk/XmImage.c:173:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->greens = (Dimension*)memcpy(copy->greens, src->greens, size);
data/xmhtml-1.1.10/lib/gtk/XmImage.c:175:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
copy->blues = (Dimension*)memcpy(copy->blues, src->blues, size);
data/xmhtml-1.1.10/lib/gtk/forms.c:1158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[32]; /* 2^32 possible entries...*/
data/xmhtml-1.1.10/lib/gtk/forms.c:1159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dummy, "%i", entry->maxlength);
data/xmhtml-1.1.10/lib/gtk/forms.c:1755:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xname, current_entry->name,
data/xmhtml-1.1.10/lib/gtk/forms.c:1757:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yname, current_entry->name,
data/xmhtml-1.1.10/lib/gtk/forms.c:1759:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(xname,".x");
data/xmhtml-1.1.10/lib/gtk/forms.c:1760:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(yname,".y");
data/xmhtml-1.1.10/lib/gtk/forms.c:1761:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(x,"%d", event->xbutton.x - entry->data->x);
data/xmhtml-1.1.10/lib/gtk/forms.c:1762:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(y,"%d", event->xbutton.y - entry->data->y);
data/xmhtml-1.1.10/lib/gtk/forms.c:2440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/xmhtml-1.1.10/lib/gtk/forms.c:2443:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "form-clipmask.%i.xbm", num);
data/xmhtml-1.1.10/lib/gtk/frames.c:273:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
list->sizes[i++] = atoi(ptr);
data/xmhtml-1.1.10/lib/gtk/frames.c:299:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
list->border = atoi(chPtr);
data/xmhtml-1.1.10/lib/gtk/frames.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[24];
data/xmhtml-1.1.10/lib/gtk/frames.c:357:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "_frame%i", current_frame);
data/xmhtml-1.1.10/lib/gtk/output.c:109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)pout, (const void*)pdef, sizeof(XmHTMLPaperSize));
data/xmhtml-1.1.10/lib/gtk/output.c:311:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[k].word,
data/xmhtml-1.1.10/lib/gtk/output.c:326:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[i].word, words[i].len);
data/xmhtml-1.1.10/lib/gtk/plc.c:212:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(plc->buffer + plc->left, plc->input_buffer, status);
data/xmhtml-1.1.10/lib/gtk/plc.c:348:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf = (Byte*)memcpy(buf, plc->next_in, len);
data/xmhtml-1.1.10/lib/gtk/plc.c:1077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(magic, plc->buffer, 10);
data/xmhtml-1.1.10/lib/gtk/plc.c:1799:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
info->reds = (Dimension*)memcpy(info->reds, reds,
data/xmhtml-1.1.10/lib/gtk/plc.c:1801:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
info->greens = (Dimension*)memcpy(info->greens, greens,
data/xmhtml-1.1.10/lib/gtk/plc.c:1803:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
info->blues = (Dimension*)memcpy(info->blues, blues,
data/xmhtml-1.1.10/lib/gtk/textsel.c:320:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[k].word,
data/xmhtml-1.1.10/lib/gtk/textsel.c:348:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chPtr, words[i].word, words[i].len);
data/xmhtml-1.1.10/tools/ImBuffer.c:69:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(file, "r")) == NULL)
data/xmhtml-1.1.10/tools/ImBuffer.c:124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ib->buffer + ib->next, len);
data/xmhtml-1.1.10/tools/gif2gzf.c:234:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(file, "w")) == NULL)
data/xmhtml-1.1.10/tools/gif2gzf.c:244:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)buf, "GZF87a");
data/xmhtml-1.1.10/tools/gif2gzf.c:250:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)buf, "GZF89a");
data/xmhtml-1.1.10/tools/gif2gzf.c:423:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lzw_debug = atoi(argv[i]);
data/xmhtml-1.1.10/tools/gif2gzf.c:452:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(argv[2], "r");
data/xmhtml-1.1.10/tools/gifinfo.c:500:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/xmhtml-1.1.10/tools/gifinfo.c:547:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/xmhtml-1.1.10/tools/gifinfo.c:583:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((output = fopen(argv[2], "w")) == NULL)
data/xmhtml-1.1.10/tools/gifinfo.c:600:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(magic, ib->buffer, 30);
data/xmhtml-1.1.10/tools/httpget.c:97:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((out = fopen(output, "w")) == NULL)
data/xmhtml-1.1.10/tools/httpget.c:141:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/xmhtml-1.1.10/tools/httpget.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/xmhtml-1.1.10/tools/httpget.c:249:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi(argv[i+1]);
data/xmhtml-1.1.10/tools/httpget.c:264:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retry = atoi(argv[i+1]);
data/xmhtml-1.1.10/tools/httpget.c:321:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(req->url, "http://");
data/xmhtml-1.1.10/tools/httpget.c:363:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((in = fopen(output, "r")) == NULL)
data/xmhtml-1.1.10/tools/miniparse.c:194:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nloops = atoi(argv[i+1]);
data/xmhtml-1.1.10/tools/miniparse.c:239:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen(input_file, "r")) == NULL)
data/xmhtml-1.1.10/tools/mkStrings.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/xmhtml-1.1.10/tools/mkStrings.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/xmhtml-1.1.10/tools/mkStrings.c:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/xmhtml-1.1.10/tools/mkStrings.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pfx[256];
data/xmhtml-1.1.10/tools/mkStrings.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[512];
data/xmhtml-1.1.10/tools/mkStrings.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/xmhtml-1.1.10/book/html_browser.c:245:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(start = &filename[strlen(filename)-1];
data/xmhtml-1.1.10/contrib/example_5.c:335:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(buf);
data/xmhtml-1.1.10/contrib/example_5.c:350:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = realloc(buf, strlen(buf)+20);
data/xmhtml-1.1.10/contrib/example_5.c:512:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(filename)] = '\0'; /* NULL terminate */
data/xmhtml-1.1.10/contrib/example_5.c:548:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(real_file)-1;
data/xmhtml-1.1.10/contrib/example_5.c:605:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = (String)realloc(ret_val, strlen(pname) + strlen(fname) + 1);
data/xmhtml-1.1.10/contrib/example_5.c:605:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = (String)realloc(ret_val, strlen(pname) + strlen(fname) + 1);
data/xmhtml-1.1.10/contrib/example_5.c:634:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(start = &file[strlen(file)-1]; *start && *start != '.'; start--);
data/xmhtml-1.1.10/contrib/example_5.c:1357:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, href_data->href, chPtr - href_data->href);
data/xmhtml-1.1.10/contrib/example_5.c:1405:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd[strlen(cmd)] = '\0';
data/xmhtml-1.1.10/contrib/example_5.c:1424:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd[strlen(cmd)] = '\0';
data/xmhtml-1.1.10/contrib/example_5.c:1790:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this_set, start, len);
data/xmhtml-1.1.10/contrib/example_5.c:1845:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*size += strlen(*dest + *size);
data/xmhtml-1.1.10/contrib/example_5.c:1915:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_font[strlen(this_font)] = '\0';
data/xmhtml-1.1.10/contrib/example_5.c:1927:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_font[strlen(default_font)] = '\0';
data/xmhtml-1.1.10/contrib/example_5.c:1959:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_charset[strlen(this_charset)] = '\0';
data/xmhtml-1.1.10/contrib/example_5.c:1981:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_charset[strlen(default_charset)] = '\0';
data/xmhtml-1.1.10/contrib/example_5.c:2479:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(url);
data/xmhtml-1.1.10/contrib/example_5.c:2488:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, url, 11);
data/xmhtml-1.1.10/contrib/example_5.c:3699:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat((char*)(paths[0]), "/");
data/xmhtml-1.1.10/contrib/htmltest.c:409:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bites = wcslen(begin); /* get wide character byte string length */
data/xmhtml-1.1.10/contrib/htmltest.c:473:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total = strlen(testString); /* get length test string */
data/xmhtml-1.1.10/contrib/htmltest.c:488:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
total=read(infd,testString,eof); /* read entire file */
data/xmhtml-1.1.10/contrib/netscape.c:99:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(command)+1);
data/xmhtml-1.1.10/contrib/swallow2.c:338:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name[strlen(name)-1] == '\n') {
data/xmhtml-1.1.10/contrib/swallow2.c:339:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0';
data/xmhtml-1.1.10/examples/cache.c:164:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry->size = sizeof(CacheObject) + strlen(file);
data/xmhtml-1.1.10/examples/cache.c:372:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(url);
data/xmhtml-1.1.10/examples/example_2.c:620:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[strlen(filename)] = '\0'; /* NULL terminate */
data/xmhtml-1.1.10/examples/example_2.c:656:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(real_file)-1;
data/xmhtml-1.1.10/examples/example_2.c:713:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = (String)realloc(ret_val, strlen(pname) + strlen(fname) + 1);
data/xmhtml-1.1.10/examples/example_2.c:713:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = (String)realloc(ret_val, strlen(pname) + strlen(fname) + 1);
data/xmhtml-1.1.10/examples/example_2.c:1586:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(buf);
data/xmhtml-1.1.10/examples/example_2.c:1601:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = realloc(buf, strlen(buf)+20);
data/xmhtml-1.1.10/examples/example_2.c:1732:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, href_data->href, chPtr - href_data->href);
data/xmhtml-1.1.10/examples/example_2.c:1788:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd[strlen(cmd)] = '\0';
data/xmhtml-1.1.10/examples/example_2.c:1813:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd[strlen(cmd)] = '\0';
data/xmhtml-1.1.10/examples/example_2.c:1884:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)]='\0';
data/xmhtml-1.1.10/examples/example_2.c:1886:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value[strlen(value)]='\0';
data/xmhtml-1.1.10/examples/example_2.c:1887:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env[i] = (String)calloc(strlen(name)+strlen(value)+4, sizeof(char));
data/xmhtml-1.1.10/examples/example_2.c:1887:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env[i] = (String)calloc(strlen(name)+strlen(value)+4, sizeof(char));
data/xmhtml-1.1.10/examples/example_2.c:2386:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(href_data->title && (len = strlen(href_data->title) > 127))
data/xmhtml-1.1.10/examples/example_2.c:2392:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((len = strlen(href_data->href)) > 127)
data/xmhtml-1.1.10/examples/example_2.c:2401:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(anchor_label, href_data->title, 128);
data/xmhtml-1.1.10/examples/example_2.c:2402:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(href_data->title);
data/xmhtml-1.1.10/examples/example_2.c:2426:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(anchor_label, href_data->href, 128);
data/xmhtml-1.1.10/examples/example_2.c:2427:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(href_data->href);
data/xmhtml-1.1.10/examples/example_2.c:2560:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*size += strlen(*dest + *size);
data/xmhtml-1.1.10/examples/example_2.c:2773:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr += (strlen(chPtr) + 1);
data/xmhtml-1.1.10/examples/example_2.c:2790:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr += (strlen(chPtr)+1);
data/xmhtml-1.1.10/examples/example_2.c:3154:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(this_set, start, len);
data/xmhtml-1.1.10/examples/example_2.c:3223:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_font[strlen(this_font)] = '\0';
data/xmhtml-1.1.10/examples/example_2.c:3235:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_font[strlen(default_font)] = '\0';
data/xmhtml-1.1.10/examples/example_2.c:3267:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_charset[strlen(this_charset)] = '\0';
data/xmhtml-1.1.10/examples/example_2.c:3289:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_charset[strlen(default_charset)] = '\0';
data/xmhtml-1.1.10/examples/example_2.c:4383:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(loc_url, url, len);
data/xmhtml-1.1.10/examples/example_2.c:4387:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(url);
data/xmhtml-1.1.10/examples/example_2.c:5541:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat((char*)(paths[0]), "/");
data/xmhtml-1.1.10/examples/example_4.c:510:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 7; i < strlen(filename); i++)
data/xmhtml-1.1.10/examples/misc.c:144:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(src[strlen(src)-1] != sep)
data/xmhtml-1.1.10/examples/misc.c:248:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(pathname, "/");
data/xmhtml-1.1.10/examples/misc.c:263:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int fullLen = strlen(fullname);
data/xmhtml-1.1.10/examples/misc.c:273:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pathname, fullname, pathLen);
data/xmhtml-1.1.10/examples/misc.c:275:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, &fullname[pathLen], fileLen);
data/xmhtml-1.1.10/examples/misc.c:426:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(start = &file[strlen(file)-1]; *start && *start != '.'; start--);
data/xmhtml-1.1.10/examples/misc.c:500:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(url);
data/xmhtml-1.1.10/examples/misc.c:509:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, url, 11);
data/xmhtml-1.1.10/http/HTTP.c:317:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqStr = (char*)malloc(strlen(GET_METHOD) + strlen(filename) +
data/xmhtml-1.1.10/http/HTTP.c:317:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqStr = (char*)malloc(strlen(GET_METHOD) + strlen(filename) +
data/xmhtml-1.1.10/http/HTTP.c:318:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(formStr ? strlen(formStr) + 1 : 0) +
data/xmhtml-1.1.10/http/HTTP.c:319:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(HTTPVERSIONHDR) + strlen(USER_AGENT) +
data/xmhtml-1.1.10/http/HTTP.c:319:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(HTTPVERSIONHDR) + strlen(USER_AGENT) +
data/xmhtml-1.1.10/http/HTTP.c:320:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(cookie ? strlen(cookie) + 1 : 0) +
data/xmhtml-1.1.10/http/HTTP.c:321:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NEWLINE) + 3);
data/xmhtml-1.1.10/http/HTTP.c:332:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = write(sock, reqStr, strlen(reqStr) + 1);
data/xmhtml-1.1.10/http/HTTP.c:344:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *reqStr = (char *) malloc(strlen(POST_METHOD) +
data/xmhtml-1.1.10/http/HTTP.c:345:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(filename) + strlen(HTTPVERSIONHDR) +
data/xmhtml-1.1.10/http/HTTP.c:345:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(filename) + strlen(HTTPVERSIONHDR) +
data/xmhtml-1.1.10/http/HTTP.c:346:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(cookie ? strlen(cookie) + 1 : 0) +
data/xmhtml-1.1.10/http/HTTP.c:347:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(USER_AGENT) + strlen(NEWLINE) + 2);
data/xmhtml-1.1.10/http/HTTP.c:347:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(USER_AGENT) + strlen(NEWLINE) + 2);
data/xmhtml-1.1.10/http/HTTP.c:359:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullReqStr = calloc(strlen(reqStr) + strlen(CONTENT_LEN) +
data/xmhtml-1.1.10/http/HTTP.c:359:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullReqStr = calloc(strlen(reqStr) + strlen(CONTENT_LEN) +
data/xmhtml-1.1.10/http/HTTP.c:360:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(CONTENT_TYPE) + MAX_FORM_LEN +
data/xmhtml-1.1.10/http/HTTP.c:361:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(formStr ? strlen(formStr) : 0 )+ 10 /* safety */,
data/xmhtml-1.1.10/http/HTTP.c:367:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(formStr ? strlen(formStr) : 0),
data/xmhtml-1.1.10/http/HTTP.c:374:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = write(sock, fullReqStr, strlen(fullReqStr) + 1);
data/xmhtml-1.1.10/http/HTTP.c:388:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqStr = (char*)malloc(strlen(HEAD_METHOD) + strlen(filename) +
data/xmhtml-1.1.10/http/HTTP.c:388:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqStr = (char*)malloc(strlen(HEAD_METHOD) + strlen(filename) +
data/xmhtml-1.1.10/http/HTTP.c:389:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(HTTPVERSIONHDR) + strlen(USER_AGENT) +
data/xmhtml-1.1.10/http/HTTP.c:389:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(HTTPVERSIONHDR) + strlen(USER_AGENT) +
data/xmhtml-1.1.10/http/HTTP.c:390:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(NEWLINE) + 3);
data/xmhtml-1.1.10/http/HTTP.c:398:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = write(sock, reqStr, strlen(reqStr) + 1);
data/xmhtml-1.1.10/http/HTTP.c:445:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
val = read(sock, buf + offset, bufsize - offset);
data/xmhtml-1.1.10/http/HTTP.c:539:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (res->data ? strlen((char *) res->data) : 0);
data/xmhtml-1.1.10/http/HTTP.c:562:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = (res->data ? strlen((char *) res->data) : 0);
data/xmhtml-1.1.10/http/HTTP.c:800:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = start, SOL = start; i < strlen(buf); i++)
data/xmhtml-1.1.10/http/HTTP.c:832:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(&buf[i + 4]);
data/xmhtml-1.1.10/http/HTTP.c:934:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(formdata[i].name) * 3;
data/xmhtml-1.1.10/http/HTTP.c:936:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(formdata[i].value) * 3;
data/xmhtml-1.1.10/http/HTTP.c:963:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data[strlen(data)-1] = '\0';
data/xmhtml-1.1.10/http/HTTP.c:969:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"used: %i\n", len+1, strlen(data));
data/xmhtml-1.1.10/http/HTTP.c:1063:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp.len = strlen(fslash);
data/xmhtml-1.1.10/http/HTTP.c:1068:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hp.len = strlen(slash);
data/xmhtml-1.1.10/http/HTTP.c:1080:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp.len = strlen(colon + 1);
data/xmhtml-1.1.10/http/HTTP.c:1085:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp.len = strlen(slash);
data/xmhtml-1.1.10/http/HTTP.c:1095:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp.len = strlen(start);
data/xmhtml-1.1.10/http/HTTP.c:1100:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fp.len = strlen(colon + 1);
data/xmhtml-1.1.10/http/HTTP.c:1242:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(new_url, "/");
data/xmhtml-1.1.10/http/cookie.c:250:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0 ||
data/xmhtml-1.1.10/http/cookie.c:374:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strncmp(filename, cache->cookies[i]->path, strlen(filename))) {
data/xmhtml-1.1.10/http/cookie.c:441:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cookie, "=");
data/xmhtml-1.1.10/http/cookie.c:443:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cookie, ";");
data/xmhtml-1.1.10/http/cookie.c:448:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cookie, "=");
data/xmhtml-1.1.10/http/cookie.c:450:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cookie, ";");
data/xmhtml-1.1.10/http/cookie.c:455:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cookie, "=");
data/xmhtml-1.1.10/http/cookie.c:457:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cookie, ";");
data/xmhtml-1.1.10/http/cookie.c:609:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n=strlen(str)-1; \
data/xmhtml-1.1.10/http/cookie.c:636:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(value)) {
data/xmhtml-1.1.10/include/http/HTTP.h:361:20: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
((STR) != NULL ? (strncpy(calloc(len+1,sizeof(char)), STR,(len))) : NULL)
data/xmhtml-1.1.10/include/http/HTTP.h:364:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((STR) != NULL ? (strcpy(malloc(strlen(STR)+1),STR)) : NULL)
data/xmhtml-1.1.10/lib/Motif/Balloon.c:396:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATTR(source_len) = strlen(req->balloon.label);
data/xmhtml-1.1.10/lib/Motif/Balloon.c:982:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATTR(source_len) = strlen(label);
data/xmhtml-1.1.10/lib/Motif/Balloon.c:1009:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ATTR(source_len) = strlen(label);
data/xmhtml-1.1.10/lib/Motif/forms.c:271:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbs->endPos = strlen(entry->content); /* delete from here to end */
data/xmhtml-1.1.10/lib/Motif/forms.c:290:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd[strlen(entry->content)] = '\0'; /* NULL terminate */
data/xmhtml-1.1.10/lib/Motif/forms.c:297:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(entry->content, cbs->text->ptr, cbs->text->length);
data/xmhtml-1.1.10/lib/Motif/forms.c:1750:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xname = calloc(strlen(current_entry->name)+3, sizeof(char));
data/xmhtml-1.1.10/lib/Motif/forms.c:1751:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yname = calloc(strlen(current_entry->name)+3, sizeof(char));
data/xmhtml-1.1.10/lib/Motif/forms.c:1756:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(current_entry->name));
data/xmhtml-1.1.10/lib/Motif/forms.c:1758:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(current_entry->name));
data/xmhtml-1.1.10/lib/Motif/getps.c:286:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/Motif/getps.c:286:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/Motif/output.c:889:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/Motif/output.c:889:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/Motif/textsel.c:788:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_131);
data/xmhtml-1.1.10/lib/Motif/textsel.c:791:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_132);
data/xmhtml-1.1.10/lib/Motif/textsel.c:794:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_133);
data/xmhtml-1.1.10/lib/Motif/textsel.c:797:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_134);
data/xmhtml-1.1.10/lib/Motif/textsel.c:800:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_135);
data/xmhtml-1.1.10/lib/Motif/textsel.c:925:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, finder->text + finder->first_char, finder->nmatch);
data/xmhtml-1.1.10/lib/common/LZWStream.c:219:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lzw->zName[strlen(lzw->zName) - 2] = '\0';
data/xmhtml-1.1.10/lib/common/LZWStream.c:858:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lzw->zName = lzw->zCmd + strlen(lzw->zCmd);
data/xmhtml-1.1.10/lib/common/StringUtil.c:226:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = malloc(strlen(s1)+1);
data/xmhtml-1.1.10/lib/common/StringUtil.c:561:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, *escape, 7);
data/xmhtml-1.1.10/lib/common/StringUtil.c:630:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, *escape, 7);
data/xmhtml-1.1.10/lib/common/StringUtil.c:698:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = chPtr+strlen(tag); /* start right after this element */
data/xmhtml-1.1.10/lib/common/StringUtil.c:748:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = chPtr+strlen(tag); /* start right after this element */
data/xmhtml-1.1.10/lib/common/StringUtil.c:755:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = chPtr+strlen(tag); /* start right after this element */
data/xmhtml-1.1.10/lib/common/callbacks.c:708:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(end = &start[strlen(start)-1]; *end != '\0' &&
data/xmhtml-1.1.10/lib/common/colors.c:180:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(hash, color, 6);
data/xmhtml-1.1.10/lib/common/colors.c:189:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(color) < 7)
data/xmhtml-1.1.10/lib/common/colors.c:191:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(color); i++)
data/xmhtml-1.1.10/lib/common/colors.c:198:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hash, color, 7);
data/xmhtml-1.1.10/lib/common/colors.c:335:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
color = realloc(color, strlen(html_32_color_values[i]));
data/xmhtml-1.1.10/lib/common/colors.c:339:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
color[strlen(html_32_color_values[i])] = '\0';
data/xmhtml-1.1.10/lib/common/debug.c:313:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp, chPtr, 128);
data/xmhtml-1.1.10/lib/common/debug.c:314:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(chPtr) > 127)
data/xmhtml-1.1.10/lib/common/error.c:170:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsprintf(buf+strlen(buf), fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:175:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/xmhtml-1.1.10/lib/common/error.c:186:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/xmhtml-1.1.10/lib/common/error.c:259:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsprintf(buf+strlen(buf), fmt, arg_list);
data/xmhtml-1.1.10/lib/common/error.c:264:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/xmhtml-1.1.10/lib/common/error.c:276:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "\n");
data/xmhtml-1.1.10/lib/common/fonts.c:338:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fontfam = my_strndup(name, strlen(name));
data/xmhtml-1.1.10/lib/common/fonts.c:427:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(privbuf) + strlen(fam_return)) < 1023)
data/xmhtml-1.1.10/lib/common/fonts.c:427:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((strlen(privbuf) + strlen(fam_return)) < 1023)
data/xmhtml-1.1.10/lib/common/fonts.c:494:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret_val = strncmp(name, entry->name, strlen(name));
data/xmhtml-1.1.10/lib/common/fonts.c:522:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret_val = strncmp(name, entry->name, strlen(name));
data/xmhtml-1.1.10/lib/common/fonts.c:1275:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
font_mapping[strlen(fontname)] = '\0';
data/xmhtml-1.1.10/lib/common/fonts.c:1299:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
font_mapping[strlen(fontname)] = '\0';
data/xmhtml-1.1.10/lib/common/fonts.c:1360:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
font_mapping[strlen(fontname)] = '\0';
data/xmhtml-1.1.10/lib/common/fonts.c:1383:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
font_mapping[strlen(fontname)] = '\0';
data/xmhtml-1.1.10/lib/common/fonts.c:1575:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(size_list, HTML_ATTR(font_sizes), 63);
data/xmhtml-1.1.10/lib/common/fonts.c:1602:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(size_list, HTML_ATTR(font_sizes_fixed), 63);
data/xmhtml-1.1.10/lib/common/fonts.c:2038:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
all_faces = (String)malloc(strlen(face) + 2);
data/xmhtml-1.1.10/lib/common/format.c:609:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(*text == '\0' || !strlen(text))
data/xmhtml-1.1.10/lib/common/format.c:623:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((n = mblen((char*)text, (size_t)(strlen(text)))) == 1)
data/xmhtml-1.1.10/lib/common/format.c:639:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = mblen((char*)text, (size_t)(strlen(text)));
data/xmhtml-1.1.10/lib/common/format.c:869:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word->len = strlen(image->alt);
data/xmhtml-1.1.10/lib/common/format.c:927:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word->len = strlen(form->name);
data/xmhtml-1.1.10/lib/common/format.c:981:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word->len = strlen(form_entry->name);
data/xmhtml-1.1.10/lib/common/format.c:1076:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(text))
data/xmhtml-1.1.10/lib/common/format.c:1212:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(index) + strlen(number) > 128)
data/xmhtml-1.1.10/lib/common/format.c:1212:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(index) + strlen(number) > 128)
data/xmhtml-1.1.10/lib/common/format.c:1220:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word->len = strlen(index);
data/xmhtml-1.1.10/lib/common/format.c:1334:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = ((ntabs*tabwidth)+strlen(text)+1)*sizeof(char);
data/xmhtml-1.1.10/lib/common/format.c:1609:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(*text == '\0' || !strlen(text))
data/xmhtml-1.1.10/lib/common/format.c:1627:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/xmhtml-1.1.10/lib/common/format.c:1671:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = mblen((char*)text, (size_t)(strlen(start)));
data/xmhtml-1.1.10/lib/common/format.c:1682:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = mblen((char*)start, (size_t)(strlen(start)));
data/xmhtml-1.1.10/lib/common/format.c:1705:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = mblen((char*)chPtr, (size_t)(strlen(chPtr)));
data/xmhtml-1.1.10/lib/common/format.c:1716:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(start);
data/xmhtml-1.1.10/lib/common/format.c:1750:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ret_val, start, len); /* copy it */
data/xmhtml-1.1.10/lib/common/format.c:1998:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
owner->len = strlen(number);
data/xmhtml-1.1.10/lib/common/format.c:2184:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = malloc(strlen(chPtr)+7);
data/xmhtml-1.1.10/lib/common/format.c:3378:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(text) == 0)
data/xmhtml-1.1.10/lib/common/format.c:4624:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(data) +
data/xmhtml-1.1.10/lib/common/format.c:4625:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(temp->element))*sizeof(char));
data/xmhtml-1.1.10/lib/common/format.c:4907:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(token, href, chPtr - href);
data/xmhtml-1.1.10/lib/common/images.c:1182:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(image->url) - 1;
data/xmhtml-1.1.10/lib/common/images.c:2313:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(image->url) - 1;
data/xmhtml-1.1.10/lib/common/images.c:3964:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = malloc(strlen(url)+7);
data/xmhtml-1.1.10/lib/common/images.c:4404:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attributes = (String)malloc((strlen(fmt) + icon->len + tmp) * sizeof(char));
data/xmhtml-1.1.10/lib/common/layout.c:4330:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
key = getchar();
data/xmhtml-1.1.10/lib/common/layout.c:4442:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
key = getchar();
data/xmhtml-1.1.10/lib/common/object.c:112:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_tag->tag = strndup(element, strlen(element));
data/xmhtml-1.1.10/lib/common/parse.c:1848:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src->element)+(src->attributes ? strlen(src->attributes) : 1);
data/xmhtml-1.1.10/lib/common/parse.c:1848:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src->element)+(src->attributes ? strlen(src->attributes) : 1);
data/xmhtml-1.1.10/lib/common/parse.c:1852:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src->element);
data/xmhtml-1.1.10/lib/common/parse.c:1911:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(msg, &parser->source[parser->cstart], len);
data/xmhtml-1.1.10/lib/common/parse.c:2563:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr = content + strlen(content) + 1;
data/xmhtml-1.1.10/lib/common/parse.c:2881:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = chPtr = content + strlen(content) + 1;
data/xmhtml-1.1.10/lib/common/parse.c:3301:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(token, start, chPtr - start); \
data/xmhtml-1.1.10/lib/common/parse.c:3591:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser->cstart = strlen(parser->source);
data/xmhtml-1.1.10/lib/common/parse.c:3890:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpPtr = (char*)malloc((strlen(content_image) + parser->len + 1)*
data/xmhtml-1.1.10/lib/common/parse.c:3896:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser->len = strlen(tmpPtr);
data/xmhtml-1.1.10/lib/common/parse.c:3906:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser->len = strlen(input);
data/xmhtml-1.1.10/lib/common/parse.c:3948:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser->len = strlen(input);
data/xmhtml-1.1.10/lib/common/parse.c:4060:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_len = strlen(text);
data/xmhtml-1.1.10/lib/common/parse.c:4164:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_len = strlen(text);
data/xmhtml-1.1.10/lib/common/parse.c:4186:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input_len = strlen(text);
data/xmhtml-1.1.10/lib/common/parse.c:4248:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizes[i] = strlen(html_tokens[(htmlEnum)i]);
data/xmhtml-1.1.10/lib/common/parse.c:4263:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += 1 + strlen(tmp->attributes);
data/xmhtml-1.1.10/lib/common/parse.c:4266:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(tmp->element);
data/xmhtml-1.1.10/lib/common/parse.c:4293:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr += strlen(tmp->attributes);
data/xmhtml-1.1.10/lib/common/parse.c:4300:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr += strlen(tmp->element);
data/xmhtml-1.1.10/lib/common/parse.c:4441:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = malloc(strlen(s1)+1);
data/xmhtml-1.1.10/lib/common/psoutput.c:416:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dpy->len += strlen(dpy->string + dpy->len);
data/xmhtml-1.1.10/lib/common/psoutput.c:1876:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ep = string+strlen(string);
data/xmhtml-1.1.10/lib/common/public.c:740:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
documentLoadNormal(html, text, text ? strlen(text) : 0);
data/xmhtml-1.1.10/lib/common/public.c:748:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
documentLoadNormal(html, text, text ? strlen(text) : 0);
data/xmhtml-1.1.10/lib/common/public.c:1693:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(end = &start[strlen(start)-1]; *end != '\0' && isspace(*end);
data/xmhtml-1.1.10/lib/common/public.c:1910:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize += (strlen(image->url) + 1);
data/xmhtml-1.1.10/lib/common/public.c:1922:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)memcpy(chPtr, image->url, strlen(image->url));
data/xmhtml-1.1.10/lib/common/public.c:1923:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr += (strlen(image->url) + 1);
data/xmhtml-1.1.10/lib/common/public.c:1933:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize += (strlen(anchor->href) + 1);
data/xmhtml-1.1.10/lib/common/public.c:1944:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)memcpy(chPtr, anchor->href, strlen(anchor->href));
data/xmhtml-1.1.10/lib/common/public.c:1945:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chPtr += (strlen(anchor->href) + 1);
data/xmhtml-1.1.10/lib/common/readBitmap.c:182:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(line) == (MAX_LINE - 1))
data/xmhtml-1.1.10/lib/compat/regex.c:4515:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = regex_compile(s, strlen(s), re_syntax_options, &re_comp_buf);
data/xmhtml-1.1.10/lib/compat/regex.c:4526:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(s);
data/xmhtml-1.1.10/lib/compat/regex.c:4618:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = regex_compile(pattern, strlen(pattern), syntax, preg);
data/xmhtml-1.1.10/lib/compat/regex.c:4654:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(string);
data/xmhtml-1.1.10/lib/compat/regex.c:4730:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_size = strlen(msg) + 1; /* Includes the null. */
data/xmhtml-1.1.10/lib/compat/regex.c:4734:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(errbuf, msg, errbuf_size - 1);
data/xmhtml-1.1.10/lib/gtk/forms.c:271:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbs->endPos = strlen(entry->content); /* delete from here to end */
data/xmhtml-1.1.10/lib/gtk/forms.c:290:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passwd[strlen(entry->content)] = '\0'; /* NULL terminate */
data/xmhtml-1.1.10/lib/gtk/forms.c:297:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(entry->content, cbs->text->ptr, cbs->text->length);
data/xmhtml-1.1.10/lib/gtk/forms.c:1750:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xname = calloc(strlen(current_entry->name)+3, sizeof(char));
data/xmhtml-1.1.10/lib/gtk/forms.c:1751:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yname = calloc(strlen(current_entry->name)+3, sizeof(char));
data/xmhtml-1.1.10/lib/gtk/forms.c:1756:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(current_entry->name));
data/xmhtml-1.1.10/lib/gtk/forms.c:1758:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(current_entry->name));
data/xmhtml-1.1.10/lib/gtk/getps.c:287:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/gtk/getps.c:287:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/gtk/gtk.c:1133:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_error("strdup failed for %i bytes\n", strlen(string));
data/xmhtml-1.1.10/lib/gtk/output.c:742:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/gtk/output.c:742:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_val = realloc(ret_val, strlen(ret_val) + strlen(buf) + 1);
data/xmhtml-1.1.10/lib/gtk/textsel.c:788:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_131);
data/xmhtml-1.1.10/lib/gtk/textsel.c:791:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_132);
data/xmhtml-1.1.10/lib/gtk/textsel.c:794:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_133);
data/xmhtml-1.1.10/lib/gtk/textsel.c:797:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_134);
data/xmhtml-1.1.10/lib/gtk/textsel.c:800:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchars = strlen(XMHTML_MSG_135);
data/xmhtml-1.1.10/lib/gtk/textsel.c:925:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, finder->text + finder->first_char, finder->nmatch);
data/xmhtml-1.1.10/tools/httpget.c:149:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(tmp[strlen(tmp)-1] == '/' ? "" : "/"), (int)time(NULL));
data/xmhtml-1.1.10/tools/httpget.c:184:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j = 1; j < strlen(argv[i]); j++)
data/xmhtml-1.1.10/tools/httpget.c:204:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(argv[i+1]);
data/xmhtml-1.1.10/tools/httpget.c:218:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(argv[i+1]);
data/xmhtml-1.1.10/tools/httpget.c:234:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(j+1 == strlen(argv[i]))
data/xmhtml-1.1.10/tools/httpget.c:252:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(argv[++i]);
data/xmhtml-1.1.10/tools/httpget.c:267:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(argv[++i]);
data/xmhtml-1.1.10/tools/httpget.c:320:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
req->url = (char*)calloc(8 + strlen(url), sizeof(char));
data/xmhtml-1.1.10/tools/httpget.c:371:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(in)) != EOF)
data/xmhtml-1.1.10/tools/miniparse.c:229:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = strlen(input_file)-1; i && input_file[i] != '/'; i--);
data/xmhtml-1.1.10/tools/miniparse.c:233:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(; i != strlen(input_file) && input_file[i] != '.'; i++, j++);
data/xmhtml-1.1.10/tools/mkStrings.c:177:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0'; /* strip newline */
data/xmhtml-1.1.10/tools/mkStrings.c:179:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr_size += strlen(name)+1;
data/xmhtml-1.1.10/tools/mkStrings.c:201:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0'; /* strip newline */
data/xmhtml-1.1.10/tools/mkStrings.c:238:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr_size += strlen(name)+1;
data/xmhtml-1.1.10/tools/mkStrings.c:241:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outbuf) + strlen(msg) >= bufsize)
data/xmhtml-1.1.10/tools/mkStrings.c:241:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outbuf) + strlen(msg) >= bufsize)
data/xmhtml-1.1.10/tools/mkStrings.c:316:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0'; /* strip newline */
data/xmhtml-1.1.10/tools/mkStrings.c:332:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(msg_count = 0; msg_count < strlen(app_name); msg_count++)
data/xmhtml-1.1.10/tools/mkStrings.c:353:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0'; /* strip newline */
data/xmhtml-1.1.10/tools/mkStrings.c:362:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outbuf) + strlen(msg) >= bufsize)
data/xmhtml-1.1.10/tools/mkStrings.c:362:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(outbuf) + strlen(msg) >= bufsize)
data/xmhtml-1.1.10/tools/mkStrings.c:407:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0'; /* strip newline */
data/xmhtml-1.1.10/tools/mkStrings.c:409:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr_size += strlen(name)+1;
data/xmhtml-1.1.10/tools/mkStrings.c:441:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen(name)-1] = '\0'; /* strip newline */
data/xmhtml-1.1.10/tools/mkStrings.c:480:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr_size += strlen(name)+1;
ANALYSIS SUMMARY:
Hits = 902
Lines analyzed = 122547 in approximately 3.02 seconds (40517 lines/second)
Physical Source Lines of Code (SLOC) = 72181
Hits@level = [0] 586 [1] 290 [2] 368 [3] 8 [4] 234 [5] 2
Hits@level+ = [0+] 1488 [1+] 902 [2+] 612 [3+] 244 [4+] 236 [5+] 2
Hits/KSLOC@level+ = [0+] 20.6148 [1+] 12.4964 [2+] 8.47869 [3+] 3.38039 [4+] 3.26956 [5+] 0.0277081
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.